Vulnerability Details CVE-2024-45854
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.5%
CVSS Severity
CVSS v3 Score 7.1
Products affected by CVE-2024-45854
-
cpe:2.3:a:mindsdb:mindsdb:23.10.3.0
-
cpe:2.3:a:mindsdb:mindsdb:23.10.3.1
-
cpe:2.3:a:mindsdb:mindsdb:23.10.5.0
-
cpe:2.3:a:mindsdb:mindsdb:23.11.1.0
-
cpe:2.3:a:mindsdb:mindsdb:23.11.28.0
-
cpe:2.3:a:mindsdb:mindsdb:23.11.28.1
-
cpe:2.3:a:mindsdb:mindsdb:23.11.28.2
-
cpe:2.3:a:mindsdb:mindsdb:23.11.28.3
-
cpe:2.3:a:mindsdb:mindsdb:23.11.4.0
-
cpe:2.3:a:mindsdb:mindsdb:23.11.4.1
-
cpe:2.3:a:mindsdb:mindsdb:23.11.4.2
-
cpe:2.3:a:mindsdb:mindsdb:23.11.4.3
-
cpe:2.3:a:mindsdb:mindsdb:23.11.4.4
-
cpe:2.3:a:mindsdb:mindsdb:23.12.4.0
-
cpe:2.3:a:mindsdb:mindsdb:23.12.4.1