Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Vulnerability Title
MindsDB 安全漏洞
Vulnerability Description
MindsDB是MindsDB公司的一个新兴的低代码机器学习平台。 MindsDB 23.10.5.0版本至24.7.4.1版本存在安全漏洞,该漏洞源于存在任意代码执行漏洞,如果运行包含Python代码的特制INSERT查询来创建站点列,则代码将传递给eval函数并在服务器上执行。
CVSS Information
N/A
Vulnerability Type
N/A