Site icon API Security Blog

Path Traversal

mlflow is vulnerable to Path Traversal. The vulnerability exists because the `handlers.py` does not properly sanitize the path parameter, which allows an attacker to access files outside the expected directory and read arbitrary files through the `/get-artifact` API endpoint.Read More

Exit mobile version