mindsdb@23.11.1.0 vulnerabilities
MindsDB's AI SQL Server enables developers to build AI tools that need access to real-time data to perform their tasks
- latest version: 24.11.3.0
- first published: 6 years ago
- latest version published: 4 days ago
- licenses detected: [2.6.0,23.11.4.0)
Direct Vulnerabilities
Known vulnerabilities in the mindsdb package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) whenever another user enumerates unsanitized items within the UI. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into the input fields. How to fix Cross-site Scripting (XSS)? There is no fixed version for | [0,) |
MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library. Affected versions of this package are vulnerable to Deserialization of Untrusted Data within the Note: This can only occur if the BYOM engine is changed in the config from the default How to fix Deserialization of Untrusted Data? There is no fixed version for | [23.10.2.0,) |
MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library. Affected versions of this package are vulnerable to Deserialization of Untrusted Data within the Note: This can only occur if the BYOM engine is changed in the config from the default How to fix Deserialization of Untrusted Data? There is no fixed version for | [23.10.2.0,) |
MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library. Affected versions of this package are vulnerable to Deserialization of Untrusted Data within the Note: This can only occur if the BYOM engine is changed in the config from the default ‘venv’ to ‘inhouse’. How to fix Deserialization of Untrusted Data? There is no fixed version for | [23.10.3.0,) |
MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the deserialization process within the How to fix Deserialization of Untrusted Data? There is no fixed version for | [23.3.2.0,) |
MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library. Affected versions of this package are vulnerable to Eval Injection due to unprotected How to fix Eval Injection? Upgrade | [23.10.5.0,24.7.4.1) |
MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library. Affected versions of this package are vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') due to an unprotected How to fix Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')? Upgrade | [23.10.3.0,24.7.4.1) |
MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library. Affected versions of this package are vulnerable to Eval Injection due to the use of an unprotected How to fix Eval Injection? Upgrade | [23.10.5.0,24.7.4.1) |
MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library. Affected versions of this package are vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') inside the How to fix Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')? Upgrade | [23.10.5.0,24.7.4.1) |
MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the How to fix Server-side Request Forgery (SSRF)? Upgrade | [,23.12.4.2) |
MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library. Affected versions of this package are vulnerable to Cross-site Scripting due to improper sanitization of user-supplied input. An attacker can inject malicious scripts into web pages viewed by other users. Note: This is true for both cloud version and OSS version. How to fix Cross-site Scripting? There is no fixed version for | [0,) |
MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library. Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties. An attacker can write arbitrary files to the system by exploiting insufficient validation of user-supplied input. How to fix Files or Directories Accessible to External Parties? Upgrade | [,23.11.4.1) |
MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the How to fix Server-side Request Forgery (SSRF)? Upgrade | [,23.11.4.0) |
MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library. Affected versions of this package are vulnerable to Improper Input Validation due to insufficient validation of user-supplied input in the How to fix Improper Input Validation? Upgrade | [23.7.4.1,23.11.4.0) |
MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to an unsafe extraction which is performed using the How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? There is no fixed version for | [0,) |