CVE-2024-45846
Published: 2024-09-12
Priority P261 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.15% (79.8th percentile)
An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine, the code will be passed to an eval function and executed on the server.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mindsdb | mindsdb | >= 23.10.3.0 < 24.7.4.1 | 24.7.4.1 |
| mindsdb | mindsdb | >= 23.10.3.0 < 24.7.4.1 | 24.7.4.1 |
GHSA
MindsDB Eval Injection vulnerability
ghsa·2024-09-12
CVE-2024-45846 [HIGH] CWE-94 MindsDB Eval Injection vulnerability
OSV
CVE-2024-45846: An arbitrary code execution vulnerability exists in versions 23
osv·2024-09-12
CVE-2024-45846 CVE-2024-45846: An arbitrary code execution vulnerability exists in versions 23
OSV
MindsDB Eval Injection vulnerability
osv·2024-09-12
CVE-2024-45846 [HIGH] MindsDB Eval Injection vulnerability
No detection rules found.
No public exploits indexed.
2024-09-12
Published