CVE-2023-49795
- EPSS 0.42%
- Veröffentlicht 11.12.2023 19:15:09
- Zuletzt bearbeitet 21.11.2024 08:33:51
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information disclosure. Users should use MindsDB's `staging` bra...
CVE-2023-38699
- EPSS 0.24%
- Veröffentlicht 04.08.2023 18:15:15
- Zuletzt bearbeitet 21.11.2024 08:14:04
MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for ...
CVE-2023-30620
- EPSS 1%
- Veröffentlicht 21.04.2023 21:15:08
- Zuletzt bearbeitet 21.11.2024 08:00:31
mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using `tarfile.extractall()` from a remotely retrieved tarball. Which may lead to the writing of the extracted ...
CVE-2022-23522
- EPSS 0.88%
- Veröffentlicht 30.03.2023 19:15:06
- Zuletzt bearbeitet 21.11.2024 06:48:44
MindsDB is an open source machine learning platform. An unsafe extraction is being performed using `shutil.unpack_archive()` from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulne...