CVE-2023-49796
CVE-2023-49796 affects MindsDB prior to 23.11.4.1, where the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-supplied name, enabling arbitrary file writes via path injection. Public sources corroborate a limited file write vulnerability in file.py. Affected ve...