CVE-2024-45846
published 2024-09-12

Priority: P2 / 61 / high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 2.15% (79.8th percentile)
An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine, the code will be passed to an eval function and executed on the server.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
mindsdb | mindsdb | >= 23.10.3.0 < 24.7.4.1 | 24.7.4.1
mindsdb | mindsdb | >= 23.10.3.0 < 24.7.4.1 | 24.7.4.1