Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-fjec-rvym-t3f1

Summary An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server.

Aliases

alias	CVE-2024-45848

alias	PYSEC-2024-78

Fixed_packages

url pkg:pypi/mindsdb@24.7.4.1

purl pkg:pypi/mindsdb@24.7.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1

Affected_packages

url pkg:pypi/mindsdb@23.12.4.0

purl pkg:pypi/mindsdb@23.12.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-jzag-uvvs-3fca

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@23.12.4.0

url pkg:pypi/mindsdb@23.12.4.1

purl pkg:pypi/mindsdb@23.12.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-jzag-uvvs-3fca

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@23.12.4.1

url pkg:pypi/mindsdb@23.12.4.2

purl pkg:pypi/mindsdb@23.12.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@23.12.4.2

url pkg:pypi/mindsdb@24.1.4.0

purl pkg:pypi/mindsdb@24.1.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.1.4.0

url pkg:pypi/mindsdb@24.2.3.0

purl pkg:pypi/mindsdb@24.2.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.2.3.0

url pkg:pypi/mindsdb@24.3.4.0

purl pkg:pypi/mindsdb@24.3.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.3.4.0

url pkg:pypi/mindsdb@24.3.4.1

purl pkg:pypi/mindsdb@24.3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.3.4.1

url pkg:pypi/mindsdb@24.3.4.2

purl pkg:pypi/mindsdb@24.3.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.3.4.2

url pkg:pypi/mindsdb@24.3.5.0

purl pkg:pypi/mindsdb@24.3.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.3.5.0

url pkg:pypi/mindsdb@24.4.2.0

purl pkg:pypi/mindsdb@24.4.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.4.2.0

url pkg:pypi/mindsdb@24.4.2.1

purl pkg:pypi/mindsdb@24.4.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.4.2.1

url pkg:pypi/mindsdb@24.4.3.0

purl pkg:pypi/mindsdb@24.4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.4.3.0

url pkg:pypi/mindsdb@24.5.4.0

purl pkg:pypi/mindsdb@24.5.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.5.4.0

url pkg:pypi/mindsdb@24.6.1.0

purl pkg:pypi/mindsdb@24.6.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.6.1.0

url pkg:pypi/mindsdb@24.6.1.1

purl pkg:pypi/mindsdb@24.6.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.6.1.1

url pkg:pypi/mindsdb@24.6.2.0

purl pkg:pypi/mindsdb@24.6.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.6.2.0

url pkg:pypi/mindsdb@24.6.2.2

purl pkg:pypi/mindsdb@24.6.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.6.2.2

url pkg:pypi/mindsdb@24.6.3.0

purl pkg:pypi/mindsdb@24.6.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.6.3.0

url pkg:pypi/mindsdb@24.6.3.1

purl pkg:pypi/mindsdb@24.6.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.6.3.1

url pkg:pypi/mindsdb@24.6.4.1

purl pkg:pypi/mindsdb@24.6.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.6.4.1

url pkg:pypi/mindsdb@24.7.1.0

purl pkg:pypi/mindsdb@24.7.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.1.0

url pkg:pypi/mindsdb@24.7.2.0

purl pkg:pypi/mindsdb@24.7.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.2.0

url pkg:pypi/mindsdb@24.7.3.0

purl pkg:pypi/mindsdb@24.7.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.3.0

url pkg:pypi/mindsdb@24.7.4.0

purl pkg:pypi/mindsdb@24.7.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ba2s-8e42-7ucs

vulnerability	VCID-d1sm-yyqm-fug8

vulnerability	VCID-fjec-rvym-t3f1

vulnerability	VCID-k6m1-mehq-pbez

vulnerability	VCID-kttw-x13y-b3fj

vulnerability	VCID-stp6-86fa-cubn

vulnerability	VCID-uab9-6bgh-efct

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.0

References

reference_url

https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/

Weaknesses

Exploits

Severity_range_score 8.8 - 8.8

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fjec-rvym-t3f1

Vulnerability Instance