CVE-2023-50731 | MindsDB up to 23.11.4.0 file.py save_file name server-side request forgery (GHSA-j8w6-2r9h-cxhj)

Çağlar Arlı - 101 Views

CVE-2023-50731 | MindsDB up to 23.11.4.0 file.py save_file name server-side request forgery (GHSA-j8w6-2r9h-cxhj)

A vulnerability classified as critical has been found in MindsDB up to 23.11.4.0. Affected is the function save_file of the file mindsdb/mindsdb/api/http/namespaces/file.py. The manipulation of the argument name leads to server-side request forgery. This vulnerability is traded as CVE-2023-50731. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

P	S	Ç	P	C	C	P
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

Annanowa

CVE-2023-50731 | MindsDB up to 23.11.4.0 file.py save_file name server-side request forgery (GHSA-j8w6-2r9h-cxhj)

CVE-2023-50731 | MindsDB up to 23.11.4.0 file.py save_file name server-side request forgery (GHSA-j8w6-2r9h-cxhj)

Son Yazılar

Son Yorumlar