Skip to content

Commit 7366df1

Browse files
author
github-actions
committed
Analysis
1 parent 50695d8 commit 7366df1

File tree

5 files changed

+10
-5
lines changed

5 files changed

+10
-5
lines changed

vulns/mindsdb/PYSEC-2023-278.yaml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -573,6 +573,7 @@ affected:
573573
- 25.10.0rc1
574574
- 25.10.0
575575
- 25.10.1
576+
- 25.11.0rc1
576577
aliases:
577578
- CVE-2023-49796
578579
- GHSA-crhp-7c74-cg4c
@@ -581,7 +582,7 @@ details: MindsDB connects artificial intelligence models to real time data. Vers
581582
should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the
582583
issue.
583584
id: PYSEC-2023-278
584-
modified: '2025-10-27T07:48:17.326672Z'
585+
modified: '2025-11-11T17:23:07.414018Z'
585586
published: '2023-12-11T21:15:00Z'
586587
references:
587588
- type: ADVISORY

vulns/mindsdb/PYSEC-2024-82.yaml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -166,13 +166,14 @@ affected:
166166
- 25.10.0rc1
167167
- 25.10.0
168168
- 25.10.1
169+
- 25.11.0rc1
169170
aliases:
170171
- CVE-2024-45852
171172
details: Deserialization of untrusted data can occur in versions 23.3.2.0 and newer
172173
of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary
173174
code on the server when interacted with.
174175
id: PYSEC-2024-82
175-
modified: '2025-10-27T07:48:17.624467Z'
176+
modified: '2025-11-11T17:23:07.547772Z'
176177
published: '2024-09-12T13:15:00Z'
177178
references:
178179
- type: EVIDENCE

vulns/mindsdb/PYSEC-2024-83.yaml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -126,13 +126,14 @@ affected:
126126
- 25.10.0rc1
127127
- 25.10.0
128128
- 25.10.1
129+
- 25.11.0rc1
129130
aliases:
130131
- CVE-2024-45853
131132
details: "Deserialization of untrusted data can occur in versions 23.10.2.0 and newer\
132133
\ of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model\
133134
\ to run arbitrary code on the server when used for a prediction."
134135
id: PYSEC-2024-83
135-
modified: '2025-10-27T07:48:17.746372Z'
136+
modified: '2025-11-11T17:23:07.664490Z'
136137
published: '2024-09-12T13:15:00Z'
137138
references:
138139
- type: EVIDENCE

vulns/mindsdb/PYSEC-2024-84.yaml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -125,14 +125,15 @@ affected:
125125
- 25.10.0rc1
126126
- 25.10.0
127127
- 25.10.1
128+
- 25.11.0rc1
128129
aliases:
129130
- CVE-2024-45854
130131
details: "Deserialization of untrusted data can occur in versions 23.10.3.0 and newer\
131132
\ of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model\
132133
\ to run arbitrary code on the server when a \u2018describe\u2019 query is run on\
133134
\ it."
134135
id: PYSEC-2024-84
135-
modified: '2025-10-27T07:48:17.870421Z'
136+
modified: '2025-11-11T17:23:07.774574Z'
136137
published: '2024-09-12T13:15:00Z'
137138
references:
138139
- type: EVIDENCE

vulns/mindsdb/PYSEC-2024-85.yaml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -126,13 +126,14 @@ affected:
126126
- 25.10.0rc1
127127
- 25.10.0
128128
- 25.10.1
129+
- 25.11.0rc1
129130
aliases:
130131
- CVE-2024-45855
131132
details: "Deserialization of untrusted data can occur in versions 23.10.2.0 and newer\
132133
\ of the MindsDB platform, enabling a maliciously uploaded \u2018inhouse\u2019 model\
133134
\ to run arbitrary code on the server when using \u2018finetune\u2019 on it."
134135
id: PYSEC-2024-85
135-
modified: '2025-10-27T07:48:17.990031Z'
136+
modified: '2025-11-11T17:23:07.904431Z'
136137
published: '2024-09-12T13:15:00Z'
137138
references:
138139
- type: EVIDENCE

0 commit comments

Comments
 (0)