CVE-2023-6940

CVSS V2 None CVSS V3 None
Description
with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system.
Overview
  • CVE ID
  • CVE-2023-6940
  • Assigner
  • @huntr_ai
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-12-19T01:41:12.560Z
  • Last Modified Date
  • 2023-12-19T01:41:12.560Z
Weakness Enumerations
CWE URL
CWE-77 http://cwe.mitre.org/data/definitions/77.html
References
Reference URL Reference Tags
https://huntr.com/bounties/c6f59480-ce47-4f78-a3dc-4bd8ca15029c
https://github.com/mlflow/mlflow/commit/5139b1087d686fa52e2b087e09da66aff86297b1
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-6940
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6940
History
Created Old Value New Value Data Type Notes
2024-06-25 06:06:46 Added to TrackCVE