CVE-2024-45852

Summary

CVE-2024-45852 identifies a vulnerability in versions 23.3.2.0 and newer of the MindsDB platform, which allows for deserialization of untrusted data. This issue can enable an attacker to upload a malicious model that executes arbitrary code on the server upon interaction. Affected products include various models related to MindsDB, such as 'tza3bg,' 'tza3bh,' and 'uCRMb_'. To remediate this vulnerability, it is essential to upgrade to a patched version of MindsDB that addresses the deserialization flaw. The potential danger includes high impacts on confidentiality, integrity, and availability, with an exploitability score of 2.8 indicating a significant risk through network vectors with low privileges required.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.