CVE-2024-45851
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-45851 is an arbitrary code execution vulnerability affecting versions 23.10.5.0 to 24.7.4.1 of the MindsDB platform when the Microsoft SharePoint integration is installed on the server. Specially crafted ‘INSERT’ queries against databases created with the SharePoint engine cause Python code to be executed on the server via an eval function. The impact on confidentiality, integrity, and availability is rated high; the base severity is HIGH and the exploitability score is 2.8, indicating that the vulnerability can be exploited with low privileges and no user interaction. Organizations running affected MindsDB versions should upgrade to a version that addresses this vulnerability, as per available security advisories. For more details, refer to third-party advisories linked from relevant sources.
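The sketch below is an added example, not MindsDB's code and not taken from any advisory: it contrasts the eval pattern the summary describes with one way to parse INSERT values as literals only. All function names, the row shape and the harmless `marker` helper are assumptions, and the rows are constructed sample data.

```python
import ast

# Hypothetical names throughout; constructed sample data.
ALLOWED_TYPES = (str, int, float, bool, type(None), list, dict)
CALLS = []  # records whether query-supplied text was executed


def marker():
    """Harmless stand-in for 'arbitrary code': only records that it ran."""
    CALLS.append("ran")
    return "executed"


def parse_value_unsafe(raw: str):
    """Vulnerable pattern: eval() executes any expression found in raw."""
    return eval(raw)


def parse_value_safe(raw: str):
    """Accept plain Python literals only; calls, names and attributes fail."""
    try:
        value = ast.literal_eval(raw)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise ValueError(f"rejected non-literal value: {raw!r}") from exc
    if not isinstance(value, ALLOWED_TYPES):
        raise ValueError(f"rejected type {type(value).__name__}: {raw!r}")
    return value


def parse_insert_row(row: dict) -> dict:
    """Parse every column value of one INSERT row, failing closed."""
    return {column: parse_value_safe(raw) for column, raw in row.items()}


# Constructed rows: string values as they would arrive from an INSERT statement.
BENIGN_ROW = {"title": "'Q3 report'", "fields": "{'Owner': 'alice', 'Priority': 2}"}
CRAFTED_ROW = {"title": "'x'", "fields": "marker()"}

if __name__ == "__main__":
    print(parse_insert_row(BENIGN_ROW))
    print("unsafe:", parse_value_unsafe(CRAFTED_ROW["fields"]), CALLS)
    try:
        parse_insert_row(CRAFTED_ROW)
    except ValueError as err:
        print("safe:", err)
```

Literal-only parsing rejects the whole row as soon as one value is not a literal, so a crafted value never reaches an interpreter.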