Truesoni

#28009 of 53,630
9.1 Total CVSS
Vulnerabilities · 1
PT-2023-26563
9.1
2023-08-01
Mindsdb · Mindsdb · CVE-2023-38699
**Name of the Vulnerable Software and Affected Versions**
MindsDB versions prior to 23.7.4.0

**Description**
The issue concerns MindsDB's AI Virtual Database, which allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This behavior can compromise the security of applications because the identity of the party being communicated with is not guaranteed. Using TLS can significantly increase security by presenting trusted certificates during the connection initialization phase.

**Recommendations**
For versions prior to 23.7.4.0, update to version 23.7.4.0 or later, where certificates are validated by default. As a temporary workaround, consider setting `verify=True` for all requests to ensure SSL certificate checks are enabled. Restrict access to the Requests library until the update is applied to minimize the risk of exploitation.
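
An added example, not MindsDB's code and not part of the original advisory: a static check that walks a Python source file's AST and reports calls passing `verify=False`, the pattern described above. The function names and the sample source are constructed for illustration.

```python
import ast

# Constructed sample source for the demo; not taken from MindsDB.
SAMPLE = '''
import requests

def fetch(url):
    return requests.get(url, verify=False)

def fetch_ok(url):
    return requests.get(url, timeout=5)

def post(session, url, opts):
    session.post(url, json={}, verify=False)
    session.get(url, verify=True)
    session.get(url, **opts)
'''

def _call_name(func):
    """Render the callee as dotted text, e.g. 'requests.get'."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts)) or "<expr>"

def find_verify_false(source):
    """Return sorted (line, callee, kind) tuples for calls that disable,
    or may disable, certificate verification."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            is_false = isinstance(kw.value, ast.Constant) and kw.value.value is False
            if kw.arg == "verify" and is_false:
                findings.append((node.lineno, _call_name(node.func), "verify=False"))
            elif kw.arg is None:
                # **kwargs may carry verify=False; flag for manual review.
                findings.append((node.lineno, _call_name(node.func), "**kwargs (review)"))
    return sorted(findings)

if __name__ == "__main__":
    for line, callee, kind in find_verify_false(SAMPLE):
        print(f"line {line}: {callee}: {kind}")
```

The check only sees literal keyword arguments; verification disabled through a `Session` object's `verify` attribute or a value computed at run time needs a separate review.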