PT-2024-20536 · Mindsdb · Mindsdb

Sim4N6 · Published 2024-09-05 · Updated 2024-10-14 · CVE-2024-24759

CVSS v3.1: 9.3 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions

MindsDB versions prior to 23.12.4.2

Description

MindsDB is a platform for building artificial intelligence from enterprise data. A threat actor can use DNS rebinding to bypass the server-side request forgery (SSRF) protection on the whole website, which can also lead to denial of service.

Recommendations

For versions prior to 23.12.4.2, update to version 23.12.4.2 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints to minimize the risk of exploitation.
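
The description names DNS rebinding as the way the SSRF protection is bypassed. The following added example (not MindsDB's code and not the 23.12.4.2 fix, neither of which this page shows) assumes a check that validates one DNS lookup while the HTTP client performs a second one, and contrasts it with resolving once and pinning the validated address. `RebindingResolver`, the function names, and the addresses are constructed for the illustration.

```python
import ipaddress


class RebindingResolver:
    """Constructed stand-in for DNS: each lookup returns the next answer,
    as a zero-TTL record whose value changes between queries would."""

    def __init__(self, answers):
        self.answers = list(answers)
        self.calls = 0

    def resolve(self, host):
        ip = self.answers[min(self.calls, len(self.answers) - 1)]
        self.calls += 1
        return ip


def is_public(ip):
    # Rejects loopback, RFC 1918, link-local (cloud metadata), and reserved ranges.
    return ipaddress.ip_address(ip).is_global


def check_then_fetch(host, resolver):
    """Weak pattern: validate one lookup, then let the client resolve again.
    Returns the address the client would actually connect to."""
    if not is_public(resolver.resolve(host)):
        raise ValueError(f"{host} resolves to a non-public address")
    return resolver.resolve(host)  # second lookup is never validated


def resolve_pin_fetch(host, resolver):
    """Hardened pattern: resolve once, validate that answer, and connect to
    that same address (sending Host/SNI for `host`), so no second lookup occurs."""
    ip = resolver.resolve(host)
    if not is_public(ip):
        raise ValueError(f"{host} resolves to a non-public address")
    return ip


if __name__ == "__main__":
    answers = ["93.184.216.34", "127.0.0.1"]  # constructed: public first, then loopback
    print("check-then-fetch connects to:",
          check_then_fetch("rebind.example", RebindingResolver(answers)))
    print("resolve-and-pin connects to: ",
          resolve_pin_fetch("rebind.example", RebindingResolver(answers)))
```

The same validation has to be repeated for every redirect hop, since each hop introduces a new hostname to resolve.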

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2024-24759
GHSA-4JCV-VP96-94XR
PYSEC-2024-74

Affected Products

Mindsdb