ReportizFlow
Filtered by vendor Mindsdb
Subscriptions
Filtered by product Mindsdb
Subscriptions
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45848 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | 8.8 High |
| An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server. | ||||
| CVE-2024-45847 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | 8.8 High |
| An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server. | ||||
| CVE-2024-45846 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | 8.8 High |
| An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine, the code will be passed to an eval function and executed on the server. | ||||
| CVE-2024-24759 | 1 Mindsdb | 1 Mindsdb | 2024-09-06 | 9.3 Critical |
| MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch. | ||||