Vulnerability Details CVE-2024-45853
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 48.0%
CVSS Severity
CVSS v3 Score 7.1
Products affected by CVE-2024-45853
-
cpe:2.3:a:mindsdb:mindsdb:23.10.2.0
-
cpe:2.3:a:mindsdb:mindsdb:23.10.3.0
-
cpe:2.3:a:mindsdb:mindsdb:23.10.3.1
-
cpe:2.3:a:mindsdb:mindsdb:23.10.5.0
-
cpe:2.3:a:mindsdb:mindsdb:23.11.1.0
-
cpe:2.3:a:mindsdb:mindsdb:23.11.28.0
-
cpe:2.3:a:mindsdb:mindsdb:23.11.28.1
-
cpe:2.3:a:mindsdb:mindsdb:23.11.28.2
-
cpe:2.3:a:mindsdb:mindsdb:23.11.28.3
-
cpe:2.3:a:mindsdb:mindsdb:23.11.4.0
-
cpe:2.3:a:mindsdb:mindsdb:23.11.4.1
-
cpe:2.3:a:mindsdb:mindsdb:23.11.4.2
-
cpe:2.3:a:mindsdb:mindsdb:23.11.4.3
-
cpe:2.3:a:mindsdb:mindsdb:23.11.4.4
-
cpe:2.3:a:mindsdb:mindsdb:23.12.4.0
-
cpe:2.3:a:mindsdb:mindsdb:23.12.4.1