CVE-2023-49795

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 11, 2023

Updated: Dec 14, 2023

CWE ID 918

Summary

CVE-2023-49795 is a server-side request forgery vulnerability affecting MindsDB, a tool that connects artificial intelligence models to real-time data. This issue is located in the `file.py` component of versions prior to 23.11.4.1. Successful exploitation can result in limited information disclosure. It is recommended that users upgrade to MindsDB's `staging` branch or version 23.11.4.1 to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

MindsDB

Affected Vendors

MindsDB

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/toKL8t
https://www.cve.org/CVERecord?id=CVE-2023-49795
https://nvd.nist.gov/vuln/detail/CVE-2023-49795

Back to Vulnerability Database