BF Specification of CVE-2023-3765
Erroneous validation in validate_path_is_safe() (it does not check for the absolute path format that uses a drive letter with '/', e.g. C:/ or C:/temp/poc.txt) leads to file injection -- absolute path traversal. If exploited, this can lead to information exposure, data tampering, or denial of service -- confidentiality, integrity, and availability loss, respectively.
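As an added illustration of the defect class described above (a constructed example, not mlflow's own validate_path_is_safe() code; the function names, the base directory and the sample inputs are assumptions), the following Python places a POSIX-only check that accepts a Windows absolute path such as C:/temp/poc.txt beside a check that rejects absolute paths in both '/' and drive-letter form, UNC paths and any remaining '..' segment after normalization, independent of the host operating system:

```python
import posixpath
import re
from typing import Optional

# Constructed example: these are not mlflow's functions; names and inputs are assumptions.
# Matches a Windows drive prefix such as "C:/", "C:\" or the drive-relative "C:poc.txt".
_DRIVE_PREFIX = re.compile(r"^[A-Za-z]:")


def validate_path_is_safe_weak(path: str) -> bool:
    """A POSIX-only check of the kind the page describes as erroneous.

    It rejects paths that start with '/' and paths containing a '..' segment,
    but accepts 'C:/temp/poc.txt' because no '/'-separated segment is '..'
    and the path does not start with '/'.
    """
    return not path.startswith("/") and ".." not in path.split("/")


def is_absolute_on_any_platform(path: str) -> bool:
    """True for POSIX absolute paths, Windows drive-letter paths and UNC paths.

    The check is deliberately independent of the host OS: os.path.isabs() on a
    POSIX host returns False for 'C:/temp/poc.txt', which is exactly the gap a
    validator that must hold on every platform has to close.
    """
    return (
        posixpath.isabs(path)                      # '/etc/passwd', '//server/share'
        or path.startswith("\\")                   # '\\server\\share', '\\temp'
        or _DRIVE_PREFIX.match(path) is not None   # 'C:/temp', 'C:\\temp', 'C:poc.txt'
    )


def validate_path_is_safe(path: str) -> bool:
    """Accept only a non-empty relative path that cannot climb above its base directory."""
    if not path:
        return False
    if is_absolute_on_any_platform(path):
        return False
    # Treat backslashes as separators before normalizing so 'a\\..\\b' is
    # analysed the same way as 'a/../b'.
    normalized = posixpath.normpath(path.replace("\\", "/"))
    # After normalization any remaining '..' segment means the path escapes
    # its base ('a/../../b' normalizes to '../b').
    return ".." not in normalized.split("/")


def resolve_under(base: str, path: str) -> Optional[str]:
    """Join `path` under `base` only if it passes validation; otherwise return None."""
    if not validate_path_is_safe(path):
        return None
    return posixpath.join(base, posixpath.normpath(path.replace("\\", "/")))


if __name__ == "__main__":
    # Constructed sample inputs: the first two are legitimate, the rest must be rejected.
    samples = ["artifacts/model.pkl", "a/../b", "C:/temp/poc.txt", "C:\\temp\\poc.txt",
               "/etc/passwd", "..\\secret", "//server/share/x", "c:poc.txt"]
    for s in samples:
        print(f"{s!r:24} weak={validate_path_is_safe_weak(s)!s:5} "
              f"hardened={validate_path_is_safe(s)}")
```

The weak variant is the shape of check that passes on a POSIX developer machine and fails in production on Windows; the hardened variant makes the platform question irrelevant by rejecting every absolute-path form up front and only then looking at '..' segments on the normalized path.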
vendor:product: lfprojects:mlflow | Bug Report | Code with Bug | Code with Fix | NVD Entry
| Class | Definition |
|---|---|
| DVL | Data are validated (syntax check) or sanitized (escape, filter, repair) improperly. |
| Operation | Definition |
|---|---|
| Validate | Check data syntax (proper form/grammar) in order to accept (and possibly sanitize) or reject it (incl. check for missing symbols/elements). |
| Cause/Consequence | Definition |
|---|---|
| Code Defect Bug | The operation has a bug, which is the first cause for the chain of weaknesses underlying a software security vulnerability. The bug must be fixed to resolve the vulnerability. |
| Erroneous Code | The operation implementation has a bug. |
| Injection Final Error | An exploitable or undefined system behavior caused by 'code separation' data validation bugs. |
| File Injection | Maliciously inserted data (e.g., with .. and / or with file entries) into an input used to access/modify files or as a file content. |
| Operation Attribute | Definition |
|---|---|
| Mechanism | Shows how the buggy/faulty operation code is performed. |
| Format | A policy based on syntax format (e.g., defined via regular expression). |
| Source Code | Shows where the buggy/faulty operation code is in the program -- in what kind of software. |
| Codebase | The operation is in the programmer's code -- in the application itself. |
| Execution Space | Shows where the buggy/faulty operation code is running or with what privilege level. |
| Local | The bugged code runs in an environment with access control policy with limited (local user) permission. |
| Operand Attribute | Definition |
|---|---|
| Data State | Shows where the data come from. |
| Transferred | The data are from another device via a network (e.g., connecting analog device or another computer). |