MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

服务端请求伪造(SSRF)

MindsDB 安全漏洞

MindsDB是MindsDB公司的一个新兴的低代码机器学习平台。 MindsDB v23.12.4.2之前版本存在安全漏洞，该漏洞源于攻击者可以通过DNS重新绑定绕过整个网站的服务器端请求伪造保护，还可能导致拒绝服务。

N/A

N/A