Описание
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.
Уязвимые конфигурации
Конфигурация 1Версия до 23.12.4.2 (исключая)
cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*
EPSS
Процентиль: 99%
0.79283
Высокий
9.3 Critical
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-918
CWE-918
Связанные уязвимости
CVSS3: 9.3
github
больше 1 года назад
MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding
EPSS
Процентиль: 99%
0.79283
Высокий
9.3 Critical
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-918
CWE-918