GHSA-crhp-7c74-cg4c

Published: 12 Dec 2023
Source: github
Github: Reviewed
CVSS3: 5.3

Description

Improper Input Validation in mindsdb

Impact

The `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled `name` value. That value is used in a temporary file name, which is then opened for writing on lines 122-125, leading to path injection. This issue may lead to arbitrary file write: files can be written anywhere on the server that the filesystem permissions of the running server process allow.
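
The pattern described above, as an added example (not MindsDB's code and not its actual patch): a client-supplied file name joined onto a temporary directory, next to a hardened check. The function names, the constructed sample names and the single-path-component policy are assumptions made for illustration, and the path handling assumes a POSIX host.

```python
import os
import tempfile
from pathlib import Path


def naive_target(tmp_dir: str, name: str) -> Path:
    """Unvalidated pattern: where a plain join on a client-supplied name lands."""
    return Path(os.path.join(tmp_dir, name)).resolve()


def safe_target(tmp_dir: str, name: str) -> Path:
    """Hardened pattern: accept only a single path component inside tmp_dir."""
    if not name or name in (".", "..") or "\x00" in name:
        raise ValueError("invalid file name")
    # Reject separators outright instead of trying to clean the name up.
    if "/" in name or "\\" in name:
        raise ValueError("file name must not contain path separators")
    base = Path(tmp_dir).resolve()
    target = (base / name).resolve()
    # Defence in depth: the resolved path must sit directly in base, which
    # also rejects a pre-existing symlink of that name pointing elsewhere.
    if target.parent != base:
        raise ValueError("file name escapes the upload directory")
    return target


def write_upload(tmp_dir: str, name: str, data: bytes) -> Path:
    target = safe_target(tmp_dir, name)
    with open(target, "xb") as fh:  # "x" refuses to overwrite an existing file
        fh.write(data)
    return target


def demo() -> dict:
    """Run constructed sample names; only validated paths are ever written."""
    results = {}
    with tempfile.TemporaryDirectory(prefix="upload_") as tmp_dir:
        base = Path(tmp_dir).resolve()
        for name in ["report.csv", "../outside.csv", "/abs/outside.csv", "a/../../b"]:
            escapes = base not in naive_target(tmp_dir, name).parents
            try:
                write_upload(tmp_dir, name, b"col\n1\n")
                results[name] = (escapes, "written")
            except ValueError:
                results[name] = (escapes, "rejected")
    return results


if __name__ == "__main__":
    print(demo())
```

Each result pairs whether the unvalidated join would resolve outside the temporary directory with what the validated writer did with the same name.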

Patches

Use mindsdb staging branch or v23.11.4.1

Packages

| Name | Affected versions | Fixed version |
| --- | --- | --- |
| mindsdb (pip) | < 23.11.4.1 | 23.11.4.1 |

EPSS

Percentile: 75%
0.00868
Low

5.3 Medium

CVSS3

Weaknesses

CWE-20

Related vulnerabilities

CVSS3: 5.3
nvd
about 2 years ago

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in `file.py`. Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue.
