mindsdb@26.1.0

MindsDB's AI SQL Server enables developers to build AI tools that need access to real-time data to perform their tasks

latest version

26.1.0

first published

7 years ago

latest version published

22 days ago

licenses detected

MIT
[0.6.5,2.6.0); [23.11.4.0,24.10.4.1); [25.3.4.1,)

View mindsdb package health on Snyk (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the mindsdb package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Deserialization of Untrusted Data MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `pickle.loads` function in the Pickle Handler component. An attacker can execute arbitrary code by providing crafted serialized data to this function. How to fix Deserialization of Untrusted Data? There is no fixed version for `MindsDB`.	[0,)
M Server-side Request Forgery (SSRF) MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `_split_url` function in the `mindsdb/utilities/security.py` component. An attacker can bypass blocklist-based SSRF protections and access restricted internal services by crafting a URL with a userinfo component (e.g., `http://attacker@127.0.0.1:4444/`) that causes `urlparse().netloc` to fail to match blocklisted origins. How to fix Server-side Request Forgery (SSRF)? There is no fixed version for `MindsDB`.	[0,)

Deserialization of Untrusted Data

MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the pickle.loads function in the Pickle Handler component. An attacker can execute arbitrary code by providing crafted serialized data to this function.

How to fix Deserialization of Untrusted Data?

There is no fixed version for MindsDB.

[0,)

Server-side Request Forgery (SSRF)

MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the _split_url function in the mindsdb/utilities/security.py component. An attacker can bypass blocklist-based SSRF protections and access restricted internal services by crafting a URL with a userinfo component (e.g., http://attacker@127.0.0.1:4444/) that causes urlparse().netloc to fail to match blocklisted origins.

How to fix Server-side Request Forgery (SSRF)?

There is no fixed version for MindsDB.

[0,)

Go back to all versions of this package