3 matches found
CVE-2023-50731
creationtimestamp| type| source ---|---|--- 2023-12-22 22:22:08+00:00| seen| https://t.me/ctinow/158634 2024-01-05 15:16:36+00:00| seen| https://t.me/ctinow/163546 2026-03-21 07:30:02+00:00| seen| https://bsky.app/profile/nerq-ai.bsky.social/post/3mhkj4kdeyr2t...
CVE-2023-50731
CVE-2023-50731 – MindsDB : The vulnerability arises in mindsdb/mindsdb/api/http/namespaces/file.py, where the PUT path does not validate the user-controlled name used for a temporary file. This leads to path injection, allowing arbitrary file writes via f.write(chunk) and potential write outside ...
CVE-2023-50731 MindsDB has arbitrary file write in file.py
MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...