An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server.
Metrics
Affected Vendors & Products
References
History
Mon, 16 Sep 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-94 |
Thu, 12 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mindsdb
Mindsdb mindsdb |
|
CPEs | cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mindsdb
Mindsdb mindsdb |
|
Metrics |
ssvc
|
Thu, 12 Sep 2024 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server. | |
Weaknesses | CWE-95 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: HiddenLayer
Published: 2024-09-12T12:57:42.357Z
Updated: 2024-09-12T14:37:32.950Z
Reserved: 2024-09-10T15:36:52.125Z
Link: CVE-2024-45847
Vulnrichment
Updated: 2024-09-12T14:37:28.386Z
NVD
Status : Analyzed
Published: 2024-09-12T13:15:13.177
Modified: 2024-09-16T17:31:04.850
Link: CVE-2024-45847
Redhat
No data.