CVE-2023-49796

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-49796

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-49796.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-49796

Aliases

GHSA-crhp-7c74-cg4c

Published

2023-12-11T20:38:25.330Z

Modified

2026-04-13T04:04:50.953326Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

MindsDB Arbitrary File Write vulnerability

Details

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in file.py Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issue.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/49xxx/CVE-2023-49796.json",
    "cwe_ids": [
        "CWE-20"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/mindsdb/mindsdb

Affected ranges

Type: GIT
Repo: https://github.com/mindsdb/mindsdb
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5ebab23447817abd8929fbcb3a225647207e3071

Affected versions

2.*

2.14.0

2.20.1

2.21.0

2.21.1

2.21.2

2.30.0

2.31.0

2.33.0

2.36.0

2.36.0v2

2.37.0

2.38.0

v0.*

v0.8.8

v0.8.9.1

v1.*

v1.0.6

v2.*

v2.0.0

v2.1.0

v2.1.1

v2.1.2

v2.10.0

v2.10.2

v2.11.0

v2.11.1

v2.11.2

v2.14.0

v2.15.0

v2.17.1

v2.2.0

v2.2.1

v2.26.0

v2.27.0

v2.3.0

v2.30.1

v2.35.0

v2.39.0

v2.4.0

v2.40.0

v2.41.0

v2.41.1

v2.41.2

v2.42.0

v2.42.1

v2.42.2

v2.43.0

v2.44.0

v2.45.0

v2.45.1

v2.45.2

v2.5.0

v2.6.0

v2.6.1

v2.7.0

v2.7.1

v2.7.2

v2.8.0

v2.8.1

v2.8.3

v2.9.0

v2.9.1

v22.*

v22.11.4.0

v22.11.4.1

v22.11.4.2

v22.11.4.3

v22.12.4.0

v22.12.4.2

v22.12.4.3

v22.5.1.2

v23.*

v23.1.3.0

v23.1.3.1

v23.1.3.2

v23.1.5.0

v23.10.2.0

v23.10.3.1

v23.10.5.0

v23.11.1.0

v23.11.4.0

v23.2.1.0

v23.2.2.0

v23.2.2.1

v23.2.3.0

v23.2.3.1

v23.2.4.0

v23.2.4.1

v23.2.4.2

v23.2.4.3

v23.3.2.0

v23.3.3.0

v23.3.3.1

v23.3.3.2

v23.3.3.3

v23.3.3.4

v23.3.3.5

v23.3.4.0

v23.3.5.0

v23.4.3.0

v23.4.3.1

v23.4.3.2

v23.4.4.0

v23.4.4.1

v23.4.4.2

v23.4.4.3

v23.4.4.4

v23.5.3.1

v23.5.3.2

v23.5.4.1

v23.6.1.1

v23.6.2.0

v23.6.3.0

v23.6.3.1

v23.6.4.0

v23.6.5.0

v23.6.5.1

v23.7.1.0

v23.7.2.0

v23.7.3.0

v23.7.3.1

v23.7.4.0

v23.7.4.1

v23.8.1.0

v23.8.3.0

v23.9.1.0

v23.9.1.1

v23.9.2.0

v23.9.2.1

v23.9.3.0

v23.9.3.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-49796.json"