CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation

Read about an LFI vulnerability disclosed in MLflow which allowed unauthenticated remote attackers to read arbitrary files by exploiting URI fragments containing directory traversal sequences.

The post CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation appeared first on OffSec.