PT-2024-31809 · Mindsdb · Mindsdb
Published 2024-09-12 · Updated 2024-09-16 · CVE-2024-45852
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
MindsDB versions 23.3.2.0 and newer
Description:
The vulnerability is a deserialization of untrusted data in the MindsDB platform: a maliciously crafted model uploaded to the server can run arbitrary code on that server when the model is interacted with.
Recommendations:
For MindsDB versions 23.3.2.0 and newer, restrict model uploads to trusted sources until a patch is available. As a temporary workaround, disabling interaction with uploaded models reduces the risk of exploitation. At the time of writing, no newer version containing a fix for this vulnerability is known.
Exploit
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products: Mindsdb