CVE-2024-24759
CVSS V2 None
CVSS V3 None
Description
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.
Overview
- CVE ID
- CVE-2024-24759
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-09-05T16:30:38.659Z
- Last Modified Date
- 2024-09-05T17:46:08.516Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr | x_refsource_CONFIRM |
| https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-24759 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24759 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-09-06 13:05:31 | Added to TrackCVE |