{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36869?format=json","vulnerability_id":"VCID-fjec-rvym-t3f1","summary":"An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server.","aliases":[{"alias":"CVE-2024-45848"},{"alias":"PYSEC-2024-78"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42606?format=json","purl":"pkg:pypi/mindsdb@24.7.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42582?format=json","purl":"pkg:pypi/mindsdb@23.12.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-jzag-uvvs-3fca"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@23.12.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/42583?format=json","purl":"pkg:pypi/mindsdb@23.12.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-jzag-uvvs-3fca"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@23.12.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/42584?format=json","purl":"pkg:pypi/mindsdb@23.12.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@23.12.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/42585?format=json","purl":"pkg:pypi/mindsdb@24.1.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.1.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/42586?format=json","purl":"pkg:pypi/mindsdb@24.2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.2.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/42587?format=json","purl":"pkg:pypi/mindsdb@24.3.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.3.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/42588?format=json","purl":"pkg:pypi/mindsdb@24.3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/42589?format=json","purl":"pkg:pypi/mindsdb@24.3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.3.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/42590?format=json","purl":"pkg:pypi/mindsdb@24.3.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.3.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/42591?format=json","purl":"pkg:pypi/mindsdb@24.4.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.4.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/42592?format=json","purl":"pkg:pypi/mindsdb@24.4.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.4.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/42593?format=json","purl":"pkg:pypi/mindsdb@24.4.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.4.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/42594?format=json","purl":"pkg:pypi/mindsdb@24.5.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.5.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/42595?format=json","purl":"pkg:pypi/mindsdb@24.6.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.6.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/42596?format=json","purl":"pkg:pypi/mindsdb@24.6.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.6.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/42597?format=json","purl":"pkg:pypi/mindsdb@24.6.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.6.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/42598?format=json","purl":"pkg:pypi/mindsdb@24.6.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.6.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/42599?format=json","purl":"pkg:pypi/mindsdb@24.6.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.6.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/42600?format=json","purl":"pkg:pypi/mindsdb@24.6.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.6.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/42601?format=json","purl":"pkg:pypi/mindsdb@24.6.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.6.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/42602?format=json","purl":"pkg:pypi/mindsdb@24.7.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/42603?format=json","purl":"pkg:pypi/mindsdb@24.7.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/42604?format=json","purl":"pkg:pypi/mindsdb@24.7.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/42605?format=json","purl":"pkg:pypi/mindsdb@24.7.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.0"}],"references":[{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"}],"weaknesses":[],"exploits":[],"severity_range_score":"8.8 - 8.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fjec-rvym-t3f1"}