3 matches found
GHSA-J8W6-2R9H-CXHJ GitHub Security Lab (GHSL) Vulnerability Report: Arbitary write GHSL-2023-182
Impact Issue: Arbitrary file write in file.py GHSL-2023-183 Patches Use mindsdb staging branch or v23.11.4.1...
GitHub Security Lab (GHSL) Vulnerability Report: Arbitary write GHSL-2023-182
Impact Issue: Arbitrary file write in file.py GHSL-2023-183 Patches Use mindsdb staging branch or v23.11.4.1...
Server-Side Request Forgery in mindsdb
Impact The put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled URL in the source variable and uses it to create arbitrary requests on line 115, which allows Server-side request forgery SSRF. This issue may lead to Information Disclosure. The SSRF allows...