CVE-2023-50731 | MindsDB up to 23.11.4.0 file.py save_file name server-side request forgery (GHSA-j8w6-2r9h-cxhj)

Posted by Angelo Barbosa | Dec 23, 2023 | CVE

A vulnerability classified as critical has been found in MindsDB up to 23.11.4.0. Affected is the function save_file of the file mindsdb/mindsdb/api/http/namespaces/file.py. The manipulation of the argument name leads to server-side request forgery.

This vulnerability is traded as CVE-2023-50731. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-50731 | MindsDB up to 23.11.4.0 file.py save_file name server-side request forgery (GHSA-j8w6-2r9h-cxhj)

Related Posts

CVE-2024-42581 | Warehouse Inventory System 2.0 delete_group.php cross-site request forgery

CVE-2024-28991 | SolarWinds Access Rights Manager up to 2024.3 deserialization

CVE-2024-8366 | code-projects Pharmacy Management System 1.0 Update My Profile Page index.php fname/lname/email cross site scripting

CVE-2023-7091 | Dreamer CMS 4.1.3 /upload/uploadFile file unrestricted upload