10 matches found

GitHub Security Blog
added 2023/12/15 4:2 a.m. · 24 views

GitHub Security Lab (GHSL) Vulnerability Report: Arbitrary write GHSL-2023-182

Impact: Issue: Arbitrary file write in file.py GHSL-2023-183. Patches: Use mindsdb staging branch or v23.11.4.1...

9.1 CVSS · 7.2 AI score · 0.00219 EPSS
Exploits 1 · References 7 · Affected Software 1

OSV
added 2023/12/15 4:2 a.m. · 33 views

GHSA-J8W6-2R9H-CXHJ GitHub Security Lab (GHSL) Vulnerability Report: Arbitrary write GHSL-2023-182

Impact: Issue: Arbitrary file write in file.py GHSL-2023-183. Patches: Use mindsdb staging branch or v23.11.4.1...

9.1 CVSS · 9.3 AI score · 0.00219 EPSS
Exploits 1 · References 7

Veracode
added 2023/12/12 6:49 a.m. · 11 views

Server-side Request Forgery (SSRF)

MindsDB is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is caused by a lack of URL validation in file.py. This allows an attacker to make arbitrary requests to internal resources that the MindsDB server can access, which leads to Information Disclosure and SSRF...

6.5 CVSS · 6.8 AI score · 0.00353 EPSS
Exploits 0 · References 2 · Affected Software 1

NVD
added 2023/12/11 7:15 p.m. · 11 views

CVE-2023-49795

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in file.py. This can lead to limited information disclosure. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issu...

6.5 CVSS · 0.00353 EPSS
Exploits 0 · References 2

Prion
added 2023/12/11 7:15 p.m. · 9 views

Server-side request forgery (SSRF)

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in file.py. This can lead to limited information disclosure. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issu...

5 CVSS · 6.7 AI score · 0.00353 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/12/11 7:1 p.m. · 9 views

CVE-2023-49795 MindsDB Server-Side Request Forgery vulnerability

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in file.py. This can lead to limited information disclosure. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issu...

6.5 CVSS · 6.4 AI score · 0.00353 EPSS
Exploits 0 · References 2

CNNVD
added 2023/12/11 12:0 a.m. · 1 views

MindsDB Code Issue Vulnerability

MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. An information disclosure vulnerability exists in MindsDB versions prior to 23.11.4.1, which stems from insufficient protection of sensitive information in file.py and can be exploited by an attacker to cause information...

6.5 CVSS · 6.1 AI score · 0.00353 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/12/11 12:0 a.m. · 1 views

PT-2023-31353 · Mindsdb · Mindsdb

Name of the Vulnerable Software and Affected Versions: MindsDB versions prior to 23.11.4.1 Description: MindsDB connects artificial intelligence models to real-time data. The issue is related to a server-side request forgery vulnerability in the file.py module. This can lead to limited informatio...

6.5 CVSS · 5.7 AI score · 0.00353 EPSS
Exploits 0 · References 9

CNNVD
added 2023/12/11 12:0 a.m. · 1 views

MindsDB Input Validation Error Vulnerability

MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. An input validation error vulnerability exists in MindsDB versions prior to 23.11.4.1, which stems from the presence of a limited file write in file.py...

5.3 CVSS · 6.8 AI score · 0.00868 EPSS
Exploits 0 · References 3

Veracode
added 2023/04/24 12:14 p.m. · 16 views

Arbitrary File Write

MindsDB is vulnerable to Arbitrary File Write. The vulnerability exists due to an unsafe extraction process in file.py which does not ensure relative file paths are escaped, allowing an attacker to write arbitrary files outside the expected directory...

7.5 CVSS · 7.3 AI score · 0.00649 EPSS
Exploits 1 · References 5 · Affected Software 1