{"vulnerability": "CVE-2024-1594", "sightings": [{"uuid": "ad1957e5-f46f-4d40-87aa-c0ae22325915", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1594", "type": "seen", "source": "Telegram/r1wKJXjH2pTO0xeaSE1QheSc4QAYiX6QzNohFiLFxNX558lD", "content": "", "creation_timestamp": "2025-02-06T02:39:18.000000Z"}, {"uuid": "944eef6f-ce39-4605-9374-d7b29fca0099", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1594", "type": "seen", "source": "https://t.me/arpsyndicate/4711", "content": "#ExploitObserverAlert\n\nCVE-2024-1594\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-1594. A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component `#` in the artifact location URI to read arbitrary files on the server in the context of the server's process. This issue is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect.\n\nFIRST-EPSS: 0.000430000\nARPS-EXPLOITABILITY: 0.9019774", "creation_timestamp": "2024-04-18T06:48:53.000000Z"}]}