CVE-2024-24759

Source
https://cve.org/CVERecord?id=CVE-2024-24759
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24759.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-24759
Aliases
Published
2024-09-05T16:30:38.659Z
Modified
2026-04-18T04:14:30.578333Z
Severity
  • 9.3 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Summary
MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding
Details

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/24xxx/CVE-2024-24759.json",
    "cwe_ids": [
        "CWE-918"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/mindsdb/mindsdb

Affected ranges

Type
GIT
Repo
https://github.com/mindsdb/mindsdb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "23.12.4.2"
        }
    ]
}

Affected versions

2.*
2.14.0
2.20.1
2.21.0
2.21.1
2.21.2
2.30.0
2.31.0
2.33.0
2.36.0
2.36.0v2
2.37.0
2.38.0
v0.*
v0.8.8
v0.8.9.1
v1.*
v1.0.6
v2.*
v2.0.0
v2.1.0
v2.1.1
v2.1.2
v2.10.0
v2.10.2
v2.11.0
v2.11.1
v2.11.2
v2.14.0
v2.15.0
v2.17.1
v2.2.0
v2.2.1
v2.26.0
v2.27.0
v2.3.0
v2.30.1
v2.35.0
v2.39.0
v2.4.0
v2.40.0
v2.41.0
v2.41.1
v2.41.2
v2.42.0
v2.42.1
v2.42.2
v2.43.0
v2.44.0
v2.45.0
v2.45.1
v2.45.2
v2.5.0
v2.6.0
v2.6.1
v2.7.0
v2.7.1
v2.7.2
v2.8.0
v2.8.1
v2.8.3
v2.9.0
v2.9.1
v22.*
v22.11.4.0
v22.11.4.1
v22.11.4.2
v22.11.4.3
v22.12.4.0
v22.12.4.2
v22.12.4.3
v22.5.1.2
v23.*
v23.1.3.0
v23.1.3.1
v23.1.3.2
v23.1.5.0
v23.10.2.0
v23.10.3.1
v23.10.5.0
v23.11.1.0
v23.11.4.0
v23.11.4.1
v23.11.4.2
v23.12.4.0
v23.12.4.1
v23.2.1.0
v23.2.2.0
v23.2.2.1
v23.2.3.0
v23.2.3.1
v23.2.4.0
v23.2.4.1
v23.2.4.2
v23.2.4.3
v23.3.2.0
v23.3.3.0
v23.3.3.1
v23.3.3.2
v23.3.3.3
v23.3.3.4
v23.3.3.5
v23.3.4.0
v23.3.5.0
v23.4.3.0
v23.4.3.1
v23.4.3.2
v23.4.4.0
v23.4.4.1
v23.4.4.2
v23.4.4.3
v23.4.4.4
v23.5.3.1
v23.5.3.2
v23.5.4.1
v23.6.1.1
v23.6.2.0
v23.6.3.0
v23.6.3.1
v23.6.4.0
v23.6.5.0
v23.6.5.1
v23.7.1.0
v23.7.2.0
v23.7.3.0
v23.7.3.1
v23.7.4.0
v23.7.4.1
v23.8.1.0
v23.8.3.0
v23.9.1.0
v23.9.1.1
v23.9.2.0
v23.9.2.1
v23.9.3.0
v23.9.3.1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24759.json"