3 matches found
CVE-2023-30620
mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the...
CVE-2023-30620
The CVE-2023-30620 issue affects MindsDB where an unsafe extraction using tarfile.extractall() on a remotely retrieved tarball can write extracted files to unintended locations (TarSlip/ZipSlip-like). Affected MindsDB versions allowed remote tarball extraction without path validation, enabling ar...
CVE-2023-30620
creationtimestamp| type| source ---|---|--- 2023-03-30 14:30:58+00:00| published-proof-of-concept| https://github.com/mindsdb/minds-platform/security/advisories/GHSA-2g5w-29q9-w6hx 2023-04-22 00:31:59+00:00| seen| https://t.me/cibsecurity/62634 2026-03-21 07:30:04+00:00| seen|...