CVE-2023-46492

Name of the Vulnerable Software and Affected Versions MLDB.ai version 2017.04.17.0

Description A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via a crafted payload to the "public html/doc/index.html" endpoint. This enables the attacker to perform unauthorized actions on the affected system.

Recommendations For MLDB.ai version 2017.04.17.0, as a temporary workaround, consider restricting access to the "public html/doc/index.html" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.