CVE-2024-45847
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-45847 is an arbitrary code execution vulnerability affecting MindsDB platform versions 23.11.4.2 to 24.7.4.1 when certain integrations are installed on the server. An attacker can execute arbitrary Python code on the server by crafting a malicious 'UPDATE' query against a database associated with the vulnerable integration engine. The potential impact is severe: the CVSS base score of 8.8 reflects a high risk to the confidentiality, integrity, and availability of the system, and exploitation requires only low privileges. Organizations running affected MindsDB versions should apply the security patches or updates provided by the vendor. Third-party advisories can provide additional remediation steps and context on the vulnerability's implications.