CVE-2024-45848

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 12, 2024
Updated: Sep 16, 2024
CWE ID 94
CWE ID 95

Summary

CVE-2024-45848 describes an arbitrary code execution vulnerability affecting MindsDB platform versions 23.12.4.0 through 24.7.4.1 when the ChromaDB integration is utilized. This vulnerability allows attackers to execute Python code on the server through specially crafted ‘INSERT’ queries sent to a ChromaDB database, posing a high risk to both confidentiality and integrity of the system. The attack requires low privileges and no user interaction, making it accessible via network attacks, with a CVSS base score of 8.8 indicating its severity. Organizations using the affected versions are advised to apply patches or updates provided by MindsDB to mitigate this risk effectively. Failure to address this vulnerability could lead to significant security breaches and unauthorized access within the organization’s systems.
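The page lists CWE ID 95 (eval injection) but does not show the affected code. The sketch below is an added illustration of that weakness class and its fix, not MindsDB's or ChromaDB's code. It assumes a handler that receives an INSERT column value as a string; the column name, function names and sample values are hypothetical and constructed for the example.

```python
import ast

# Constructed sample values, as a handler might receive them for an
# "embeddings" column of an INSERT row (hypothetical column name).
BENIGN_VALUE = "[0.12, -0.5, 3]"
# Harmless stand-in for an attacker-chosen expression: it contains calls.
EXPRESSION_VALUE = "list(map(float, range(3)))"


def parse_embedding_unsafe(value: str):
    """CWE-95 pattern: eval() runs whatever expression the string holds."""
    return eval(value)  # deliberately unsafe, kept only for comparison


def parse_embedding_safe(value: str) -> list:
    """Accept only a literal list of numbers; never evaluate calls or names."""
    try:
        parsed = ast.literal_eval(value)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise ValueError("embedding is not a plain literal") from exc
    if not isinstance(parsed, list):
        raise ValueError("embedding must be a list")
    for item in parsed:
        # bool is a subclass of int, so exclude it explicitly.
        if isinstance(item, bool) or not isinstance(item, (int, float)):
            raise ValueError("embedding items must be numbers")
    return [float(item) for item in parsed]


def is_rejected(value: str) -> bool:
    """True when the safe parser refuses the value."""
    try:
        parse_embedding_safe(value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe, expression:", parse_embedding_unsafe(EXPRESSION_VALUE))
    print("safe, benign:", parse_embedding_safe(BENIGN_VALUE))
    print("safe rejects expression:", is_rejected(EXPRESSION_VALUE))
```

The unsafe parser executes the calls embedded in the value, while the safe parser accepts only literal lists of numbers and rejects anything containing a name or a call.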
