Vulnerability Information
Vulnerability Title
Arbitrary File Write when Extracting Tarballs retrieved from a remote location using `shutil.unpack_archive()` in mindsdb
Vulnerability Description
MindsDB is an open source machine learning platform. An unsafe extraction is performed with `shutil.unpack_archive()` on a tarball retrieved from a remote location, which may cause the extracted files to be written to an unintended location. This class of vulnerability is sometimes called **TarSlip**, a **ZipSlip** variant. Unpacking a potentially malicious tarball with the high-level function `shutil.unpack_archive()`, without validating that each destination file path remains within the intended destination directory, can overwrite files outside that directory. An attacker could craft a malicious tarball whose member has a file name path such as `../../../../../../../../etc/passwd`, serve the archive remotely from a personal `s3` bucket, have **mindsdb** retrieve the tarball, and thereby overwrite system files on the hosting server. This issue has been addressed in version 22.11.4.3. Users are advised to upgrade. Users unable to upgrade should avoid ingesting archives from untrusted sources.
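As an added example (not MindsDB's own code), the check that the advisory says is missing: resolve every tar member's final path before extracting and refuse the whole archive if any member, including a symlink or hard link target, would land outside the destination directory. The two archives are constructed in memory for illustration only.

```python
import io
import os
import tarfile
import tempfile

def escaping_members(tar: tarfile.TarFile, dest: str) -> list[str]:
    """Names of members whose final path (or link target) would land outside dest."""
    root = os.path.realpath(dest)
    bad = []
    for m in tar.getmembers():
        target = os.path.realpath(os.path.join(root, m.name))
        if os.path.commonpath([root, target]) != root:
            bad.append(m.name)  # "../x" or an absolute name escapes dest
            continue
        if m.issym() or m.islnk():
            # symlink targets are relative to the link's directory, hard link
            # targets to the archive root; both must also stay under dest
            base = os.path.dirname(target) if m.issym() else root
            link = os.path.realpath(os.path.join(base, m.linkname))
            if os.path.commonpath([root, link]) != root:
                bad.append(m.name)
    return bad

def safe_unpack(tar_bytes: bytes, dest: str) -> list[str]:
    """Drop-in for shutil.unpack_archive(): reject the archive if any member escapes."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        bad = escaping_members(tar, dest)
        if bad:
            raise ValueError(f"archive members escape {dest}: {bad}")
        tar.extractall(dest)  # on Python >= 3.12 also pass filter="data"
        return [m.name for m in tar.getmembers()]

def build_tar(entries: dict[str, bytes]) -> bytes:
    """Constructed in-memory .tar.gz from {member_name: content}; test data only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

BENIGN = build_tar({"model/weights.bin": b"ok"})
TRAVERSAL = build_tar({"model/weights.bin": b"ok", "../../escaped.txt": b"x"})

def demo() -> tuple[list[str], list[str]]:
    with tempfile.TemporaryDirectory() as d:
        dest = os.path.join(d, "unpacked")
        extracted = safe_unpack(BENIGN, dest)  # benign archive extracts normally
        with tarfile.open(fileobj=io.BytesIO(TRAVERSAL)) as tar:
            return extracted, escaping_members(tar, dest)  # traversal member flagged
```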
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Vulnerability Type
Improper limitation of a pathname to a restricted directory (path traversal)
Vulnerability Title
MindsDB path traversal vulnerability
Vulnerability Description
MindsDB is an emerging low-code machine learning platform from the MindsDB company. MindsDB contains a path traversal vulnerability that stems from performing extraction with shutil.unpack_archive() on a tarball retrieved from a remote location, which may cause the extracted files to be written to an unintended location. An attacker can exploit this vulnerability by crafting a malicious tarball containing traversal file name paths and then serving the archive remotely.
CVSS Information
N/A
Vulnerability Type
N/A