mindsdb@24.3.5.0 vulnerabilities

MindsDB's AI SQL Server enables developers to build AI tools that need access to real-time data to perform their tasks

latest version

24.4.3.0
first published

6 years ago
latest version published

a month ago
licenses detected
- MIT
  [0.6.5,2.6.0); [23.11.4.0,)
View mindsdb package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the mindsdb package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Cross-site Scripting MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Cross-site Scripting due to improper sanitization of user-supplied input. An attacker can inject malicious scripts into web pages viewed by other users. Note: This is true for both cloud version and OSS version. How to fix Cross-site Scripting? There is no fixed version for `MindsDB`.	[0,)
H Arbitrary File Write via Archive Extraction (Zip Slip) MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to an unsafe extraction which is performed using the `shutil.unpack_archive()` function from a remotely retrieved tarball. This can lead to the writing of the extracted files to an unintended location. How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? There is no fixed version for `MindsDB`.	[0,)

Cross-site Scripting

MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library

Affected versions of this package are vulnerable to Cross-site Scripting due to improper sanitization of user-supplied input. An attacker can inject malicious scripts into web pages viewed by other users.

Note: This is true for both cloud version and OSS version.

How to fix Cross-site Scripting?

There is no fixed version for MindsDB.

[0,)

Arbitrary File Write via Archive Extraction (Zip Slip)

MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to an unsafe extraction which is performed using the shutil.unpack_archive() function from a remotely retrieved tarball. This can lead to the writing of the extracted files to an unintended location.

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

There is no fixed version for MindsDB.

[0,)

Go back to all versions of this package

mindsdb@24.3.5.0 vulnerabilities

MindsDB's AI SQL Server enables developers to build AI tools that need access to real-time data to perform their tasks

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities