Mindsdb

Mindsdb

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2024-45850

Exploit
  • EPSS 0.56%
  • Veröffentlicht 12.09.2024 13:15:13
  • Zuletzt bearbeitet 16.09.2024 17:35:56

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query c...

8.8

CVE-2024-45848

Exploit
  • EPSS 0.44%
  • Veröffentlicht 12.09.2024 13:15:13
  • Zuletzt bearbeitet 16.09.2024 17:33:40

An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a dat...

8.8

CVE-2024-45847

Exploit
  • EPSS 0.44%
  • Veröffentlicht 12.09.2024 13:15:13
  • Zuletzt bearbeitet 16.09.2024 17:31:04

An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a ...

8.8

CVE-2024-45846

Exploit
  • EPSS 0.44%
  • Veröffentlicht 12.09.2024 13:15:12
  • Zuletzt bearbeitet 16.09.2024 17:30:06

An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run agains...

9.1

CVE-2024-24759

Exploit
  • EPSS 82.79%
  • Veröffentlicht 05.09.2024 17:15:12
  • Zuletzt bearbeitet 06.09.2024 13:06:18

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead...

6.1

CVE-2024-3575

Exploit
  • EPSS 0.19%
  • Veröffentlicht 16.04.2024 00:15:12
  • Zuletzt bearbeitet 29.10.2025 14:06:08

Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb

9.1

CVE-2023-50731

Exploit
  • EPSS 0.22%
  • Veröffentlicht 22.12.2023 21:15:08
  • Zuletzt bearbeitet 21.11.2024 08:37:13

MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afte...

5.3

CVE-2023-49796

  • EPSS 0.87%
  • Veröffentlicht 11.12.2023 21:15:07
  • Zuletzt bearbeitet 21.11.2024 08:33:51

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in `file.py` Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue.

5.3

CVE-2023-49795

  • EPSS 0.35%
  • Veröffentlicht 11.12.2023 19:15:09
  • Zuletzt bearbeitet 21.11.2024 08:33:51

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information disclosure. Users should use MindsDB's `staging` bra...

6.5

CVE-2023-38699

  • EPSS 0.09%
  • Veröffentlicht 04.08.2023 18:15:15
  • Zuletzt bearbeitet 21.11.2024 08:14:04

MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for ...