2488 matches found
Exploit for Code Injection in Geoserver
CVE-2024-36401-PoC Proof-of-Concept Exploit for CVE-2024-36401...
Code Injection
refuelautolabel is vulnerable to Code Injection. The vulnerability caused by improper use of the eval function to process CSV files in classification tasks. If a maliciously crafted CSV file containing Python code is provided, the eval function executes this code, leading to arbitrary code...
Code Injection
MindsDB is vulnerable to Code Injection. The vulnerability is due to the unsafe use of the eval function, which directly executes input Python code without proper validation. It allows an attackers to inject and execute arbitrary code via the 'SELECT WHERE' clause...
Eval Injection
MindsDB is vulnerable to Eval Injection. The vulnerability is due to unsanitized input in the Microsoft SharePoint integration within sharepointapi.py, where a specially crafted 'INSERT' query containing Python code is passed to the eval function, allowing an attacker to execute arbitrary code on...
Eval Injection
MindsDB is vulnerable to Eval Injection. The vulnerability is due to unsanitized input in several integrations, where a specially crafted 'UPDATE' query containing Python code is passed to an eval function and executed on the server...
Eval Injection
MindsDB is vulnerable to arbitrary code execution. The vulnerability is due to unsanitized input in the ChromaDB integration, where a specially crafted 'INSERT' query containing Python code is passed to an eval function and executed on the server...
GHSA-WF9G-C67G-H4CH MindsDB Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...
MindsDB Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...
GHSA-C85F-PCX6-2GHM MindsDB Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query i...
GHSA-4FGP-7VVM-M4JF Refuel Autolab Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python...
GHSA-WCJW-3V6P-4V3R MindsDB Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine,...
GHSA-G2M8-F3X2-QPRW Refuel Autolab Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...
GHSA-CRMG-RP64-5CM3 MindsDB Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...
GHSA-V6G6-3CM3-VF6C MindsDB Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...
MindsDB Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...
MindsDB Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query i...
MindsDB Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the cod...
Refuel Autolab Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...
MindsDB Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine,...
Refuel Autolab Eval Injection vulnerability
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python...