CVE-2024-45854 - MindsDB Deserialization of Untrusted Data RCE

2 months ago 25
ARTICLE AD BOX
CVE ID : CVE-2024-45854
Published : Sept. 12, 2024, 1:15 p.m. | 24 minutes ago
Description : Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read Entire Article