CVE-2023-6568: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

December 7, 2023 (updated December 12, 2023)

Cross-site Scripting (XSS) - Reflected in GitHub repository mlflow/mlflow prior to 2.9.0.

References

github.com/advisories/GHSA-vwhf-3v6x-wff8
github.com/mlflow/mlflow/commit/28ff3f94994941e038f2172c6484b65dc4db6ca1
huntr.com/bounties/816bdaaa-8153-4732-951e-b0d92fddf709
nvd.nist.gov/vuln/detail/CVE-2023-6568

Code Behaviors & Features

Detect and mitigate CVE-2023-6568 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →