Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
MindsDB 安全漏洞
Vulnerability Description
MindsDB是MindsDB公司的一个新兴的低代码机器学习平台。 MindsDB 23.10.2.0及之前版本存在安全漏洞,该漏洞源于存在不受信任数据的反序列化,使得恶意上传的模型在服务器上运行查询时能够在服务器上运行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A