CVE-2024-45853
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-45853 is a deserialization-of-untrusted-data vulnerability in the MindsDB platform affecting versions 23.10.2.0 and newer. An attacker who can upload a malicious ‘inhouse’ model can have the server execute arbitrary code when that model is later used for prediction. Because the code runs on the MindsDB server itself, the impact spans confidentiality, integrity and availability; the CVSS 3.1 base score is 7.5 (high). The attack vector is network-based and the flaw requires low privileges and no user interaction, which raises its practical risk for organizations running affected deployments. Remediation should focus on updating MindsDB to a fixed release and, in the meantime, restricting who can upload models and where model files are accepted from, since the uploaded model file is itself the attack payload.
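To make the class of bug concrete, the following is an added illustration written for this page; it is not MindsDB's own model-loading code and does not reproduce its code path. It assumes, as is common for Python ML frameworks, that a stored model is a Python pickle. The "malicious model" below is a constructed sample whose __reduce__ hook makes the unpickler call a function of the attacker's choosing (here the harmless os.getcwd, standing in for anything else) and the LinearModel class, the RestrictedUnpickler allowlist and the loader names are all hypothetical.

```python
import io
import os
import pickle


class LinearModel:
    """Stand-in for a legitimate, trusted model class (hypothetical)."""

    def __init__(self, weights, bias):
        self.weights = list(weights)
        self.bias = float(bias)

    def predict(self, features):
        return sum(w * x for w, x in zip(self.weights, features)) + self.bias


class MaliciousModel:
    """Constructed attacker payload: pickling this object does not store data,
    it stores an instruction to call os.getcwd() on load. An attacker would use
    os.system, subprocess.Popen or similar instead."""

    def __reduce__(self):
        return (os.getcwd, ())


def build_benign_model_bytes():
    return pickle.dumps(LinearModel([0.5, -1.0], 0.25))


def build_malicious_model_bytes():
    # Only the class definition is needed at pickling time; the serialized
    # bytes reference os.getcwd by name and would work against any consumer.
    return pickle.dumps(MaliciousModel())


def unsafe_load_model(data):
    """The vulnerable pattern: pickle.loads on an uploaded file. Whatever the
    pickle names as its reduce callable is imported and executed."""
    return pickle.loads(data)


# Allowlist of globals a model file may reference, keyed by (module, qualname)
# and resolved to the already-imported object, so no attacker-chosen module
# is ever imported.
ALLOWED_GLOBALS = {
    (cls.__module__, cls.__qualname__): cls for cls in (LinearModel,)
}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        try:
            return ALLOWED_GLOBALS[(module, name)]
        except KeyError:
            raise pickle.UnpicklingError(
                "model references forbidden global %s.%s" % (module, name)
            )


def safe_load_model(data):
    """Hardened loader: any GLOBAL/STACK_GLOBAL opcode outside the allowlist
    aborts before the REDUCE opcode that would run the payload."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demonstrate():
    """Run both loaders against both files and report what happened."""
    benign = build_benign_model_bytes()
    malicious = build_malicious_model_bytes()
    results = {
        "unsafe_benign": isinstance(unsafe_load_model(benign), LinearModel),
        # The "model" returned is the return value of os.getcwd(): the
        # unpickler executed attacker-chosen code.
        "unsafe_malicious_ran_code": unsafe_load_model(malicious) == os.getcwd(),
        "safe_benign": isinstance(safe_load_model(benign), LinearModel),
    }
    try:
        safe_load_model(malicious)
        results["safe_malicious_blocked"] = False
    except pickle.UnpicklingError:
        results["safe_malicious_blocked"] = True
    return results


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(key, value)
```

A restricted unpickler is a mitigation, not a guarantee: every entry added to the allowlist must be something whose constructor or reduce callable is itself harmless, and a plain loader that only ever reads weights from a non-executable format avoids the problem entirely. Either way, the access control the advisory calls for (who may upload models) is the first line of defence, because once a pickle with a hostile reduce callable reaches pickle.loads nothing downstream can undo the call.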