Critical flaw in AI testing framework MLflow can lead to server and data compromise

The vulnerability found by Dan McInerney is tracked as CVE-2023-1177 and is rated 10 (critical) on the CVSS scale. It is described as a local and remote file inclusion (LFI/RFI) via the API.
Source: cyware.com