104 matches found
CVE-2024-45846
An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine,...
CVE-2024-45846
An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine,...
CVE-2024-45846
The CVE-2024-45846 entry describes an arbitrary code execution vulnerability in MindsDB versions 23.10.3.0 through 24.7.4.1 when the Weaviate integration is installed. A specially crafted SELECT WHERE clause containing Python code can be passed to an eval function and executed on the server, impa...
CVE-2024-45846
An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine,...
PT-2024-6371 · Mindsdb +1 · Mindsdb +1
Name of the Vulnerable Software and Affected Versions: MindsDB versions 23.10.3.0 through 24.7.4.1 Description: An arbitrary code execution issue exists when the Weaviate integration is installed on the server. If a specially crafted SELECT WHERE clause containing Python code is run against a...
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: temporal, guac, rekor, wolfictl, bank-vaults, kubernetes-dashboard, nerdctl, vexctl, oauth2-proxy, caddy, flux-source-controller, cloudflared, gitsign, timestamp-authority, ko, falco, kots, falcoctl, kubescape, goreleaser, aactl, fulcio, skopeo, tekton-chains, step,...
GO-2023-2017 Denial of service vulnerability in github.com/weaviate/weaviate
A type conversion issue in Weaviate may allow a remote attack that would cause a denial of service...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: src, prometheus-blackbox-exporter, terraform-provider-sendgrid-fips, bank-vaults-fips, dgraph, slsa-verifier, kubevela, cortex, metrics-server-fips, up, volume-modifier-for-k8s-fips, timestamp-authority-fips, spark-operator, vault-csi-provider,...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: dgraph, prometheus-blackbox-exporter, falco, k3d, up, slsa-verifier, buildkitd, scorecard, terraform-provider-sendgrid, kubescape, cortex, kubevela, aactl, spark-operator, kubeflow, src...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: gke-gcloud-auth-plugin, cue, rqlite, coredns, dynamic-localpv-provisioner, aactl, nginx-stable, dgraph, flux-helm-controller, secrets-store-csi-driver, terraform, kubevela, buildkitd, pulumi-language-yaml, prometheus-blackbox-exporter, frp, gitness, gomplate, weaviat...
GHSA-8697-479H-5MFP Weaviate denial of service vulnerability
Impact This vulnerability is a type conversion issue that affects users of Weaviate Server versions 1.20.0 and earlier. Who is impacted: Users of Weaviate Server versions 1.20.0 and earlier are impacted by this vulnerability. Patches A patch has been developed for this vulnerability. Patch releas...
Weaviate denial of service vulnerability
Impact This vulnerability is a type conversion issue that affects users of Weaviate Server versions 1.20.0 and earlier. Who is impacted: Users of Weaviate Server versions 1.20.0 and earlier are impacted by this vulnerability. Patches A patch has been developed for this vulnerability. Patch releas...
Denial Of Service (DoS)
github.com/weaviate/weaviate is vulnerable to Denial Of Service DoS. The vulnerability exists because the handleUnbatchedGraphQLRequest function of handlersgraphql.go does not properly check the query type for the metrics request, allowing an attacker to crash the application...
GHSA-CH6W-MC6C-G65G Duplicate Advisory: weaviate denial of service vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8697-479h-5mfp. This link is maintained to preserve external references. Original Description An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the...
Duplicate Advisory: weaviate denial of service vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8697-479h-5mfp. This link is maintained to preserve external references. Original Description An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the...
CVE-2023-38976
An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function...
CVE-2023-38976
An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function...
Denial of service
An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function...
Weaviate 安全漏洞
Weaviate is an open source vector database from Weaviate Open Source. A security vulnerability exists in Weaviate version v.1.20.0, which stems from a vulnerability that allows attackers to cause a denial of service DoS via the handleUnbatchedGraphQLRequest function...
CVE-2023-38976
CVE-2023-38976 affects Weaviate Server v1.20.0 (and earlier) and is caused by a flaw in handleUnbatchedGraphQLRequest that allows remote denial-of-service. The Red Hat/OSV/GHSA entries corroborate a DoS resulting from a type/query handling issue in GraphQL metrics handling, with the vulnerability...