CVE-2023-50731 | MindsDB up to 23.11.4.0 file.py save_file name server-side request forgery (GHSA-j8w6-2r9h-cxhj)

Inserito da Angelo Barbosa | Dic 23, 2023 | CVE

A vulnerability classified as critical has been found in MindsDB up to 23.11.4.0. Affected is the function save_file of the file mindsdb/mindsdb/api/http/namespaces/file.py. The manipulation of the argument name leads to server-side request forgery.

This vulnerability is traded as CVE-2023-50731. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-50731 | MindsDB up to 23.11.4.0 file.py save_file name server-side request forgery (GHSA-j8w6-2r9h-cxhj)

Post correlati

CVE-2024-22313 | IBM Storage Defender 2.0 Resiliency Service hard-coded credentials (XFDB-278749)

CVE-2024-6058 | LabVantage LIMS 2017 rc height/width cross site scripting

CVE-2024-44920 | SeaCMS 12.9 admin_collect_news.php siteurl cross site scripting

CVE-2024-0232 | SQLite up to 3.43.1 sqlite3.c jsonParseAddNodeArray use after free