Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mindsdb mindsdb vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2023-50731
MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on l...
Mindsdb Mindsdb
8.8
CVSSv3
CVE-2022-23522
MindsDB is an open source machine learning platform. An unsafe extraction is being performed using `shutil.unpack_archive()` from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a...
Mindsdb Mindsdb
5.3
CVSSv3
CVE-2023-49795
MindsDB connects artificial intelligence models to real time data. Versions before 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information disclosure. Users should use MindsDB's `staging` branch or v23.11.4.1, which co...
Mindsdb Mindsdb
7.5
CVSSv3
CVE-2023-30620
mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using `tarfile.extractall()` from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended locatio...
Mindsdb Mindsdb
6.5
CVSSv3
CVE-2023-38699
MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests l...
Mindsdb Mindsdb
5.3
CVSSv3
CVE-2023-49796
MindsDB connects artificial intelligence models to real time data. Versions before 23.11.4.1 contain a limited file write vulnerability in `file.py` Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue.
Mindsdb Mindsdb 23.7.4.1
NA
CVE-2024-3575
Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5841
file upload
man-in-the-middle
arbitrary
CVE-2024-27801
CVE-2024-28020
CVE-2024-30080
CVE-2024-30069
CVE-2024-5843
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started