Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Vulnerability Title
MindsDB 安全漏洞
Vulnerability Description
MindsDB是MindsDB公司的一个新兴的低代码机器学习平台。 MindsDB 23.11.4.2版本至24.7.4.1版本存在安全漏洞,该漏洞源于存在任意代码执行漏洞,如果运行包含Python代码的特制UPDATE查询,则该代码将传递给eval函数并在服务器上执行。
CVSS Information
N/A
Vulnerability Type
N/A