6 matches found
CVE-2024-45854
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it...
CVE-2024-45854
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it...
CVE-2024-45854
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it...
PYSEC-2024-84
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it...
PYSEC-2024-84
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it...
PT-2024-31811 · Mindsdb · Mindsdb
Name of the Vulnerable Software and Affected Versions: MindsDB versions 23.10.3.0 and newer Description: The issue is related to the deserialization of untrusted data in the MindsDB platform. This allows a maliciously uploaded 'inhouse' model to run arbitrary code on the server when a 'describe'...