CVE-2024-45849

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 12, 2024
Updated: Sep 16, 2024
CWE ID 94
CWE ID 95

Summary

CVE-2024-45849 is an arbitrary code execution vulnerability affecting MindsDB platform versions from 23.10.5.0 to 24.7.4.1 when the Microsoft SharePoint integration is installed. An attacker can craft an ‘INSERT’ query containing malicious Python code; when the query is executed against a database that uses the SharePoint engine, that code can be passed to the eval function and run on the server. The CVSS base score is 8.8 (HIGH severity): exploitation requires only low privileges, and the risk to organizations includes high integrity and confidentiality impacts, as well as availability issues. To remediate this vulnerability, organizations should upgrade their MindsDB installations to versions that address this issue and review their database queries for potential injection risks. Further information can be found in security advisories related to the vulnerability.
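The weakness class described above (CWE-95, query values reaching eval), shown beside a hardened parser. This is an added example, not MindsDB's code and not part of the original advisory; the function names, the column names and the sample row are hypothetical, and the rejected value is a harmless constructed stand-in for attacker-supplied Python.

```python
import ast

# Constructed sample: raw column values as they might arrive from an INSERT row.
# "owner" holds a harmless expression standing in for injected Python.
SAMPLE_ROW = {
    "title": "'Quarterly report'",
    "tags": "['finance', 'q3']",
    "owner": "len('not-a-literal')",
}

# Types a column value is allowed to decode to (an assumption for this example).
ALLOWED_TYPES = (str, int, float, bool, list, dict, type(None))


def parse_value_unsafe(text):
    """The flawed pattern: the query value is run as a Python expression."""
    return eval(text)


def parse_value_safe(text, max_len=4096):
    """Accept Python literals only; anything else raises ValueError."""
    if len(text) > max_len:
        raise ValueError("value too long")
    try:
        # literal_eval builds literals from the syntax tree and never calls code.
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise ValueError(f"not a literal: {text!r}") from exc
    if not isinstance(value, ALLOWED_TYPES):
        raise ValueError(f"unsupported type: {type(value).__name__}")
    return value


def parse_row(row):
    """Return (accepted, rejected) for a dict of column name -> raw text."""
    accepted, rejected = {}, {}
    for column, text in row.items():
        try:
            accepted[column] = parse_value_safe(text)
        except ValueError as exc:
            rejected[column] = str(exc)  # log and refuse the write
    return accepted, rejected


if __name__ == "__main__":
    print(parse_value_unsafe(SAMPLE_ROW["owner"]))  # the expression was executed
    print(parse_row(SAMPLE_ROW))                    # "owner" is rejected instead
```

Rejected columns are worth logging with the query's source, since a non-literal value in a data field is a useful signal when reviewing queries for injection attempts.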
