Lucene search
K

3 matches found

Cvelist
Cvelist
added 2023/04/21 8:11 p.m.37 views

CVE-2023-30620 Arbitrary File Write when Extracting a Remotely retrieved Tarball in mindsdb/mindsdb

mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the...

7.5CVSS7.6AI score0.01EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2023/03/30 8:16 p.m.23 views

Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location

Summary An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip variant. Details Unpacking files using the...

8.8CVSS8.6AI score0.00883EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2023/03/30 6:4 p.m.37 views

CVE-2022-23522 Arbitrary File Write when Extracting Tarballs retrieved from a remote location using in mindsdb

MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...

8.5CVSS8.8AI score0.00883EPSS
Exploits1References1
Rows per page
Query Builder