CVE-2023-49796 – mindsdb
Package
Manager: pip
Name: mindsdb
Vulnerable Version: >=0 <23.11.4.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00664 (percentile: 0.70323)
Details
Improper Input Validation in mindsdb

### Impact
The `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled `name` value. The value is used in a temporary file name, which is then opened for writing on lines 122-125, leading to path injection. This issue may lead to arbitrary file write: files can be written anywhere on the server that the filesystem permissions of the running server process allow.

### Patches
Use mindsdb staging branch or v23.11.4.1

### References
* GHSL-2023-184
* See [CodeQL path injection prevention guidelines](https://codeql.github.com/codeql-query-help/python/py-path-injection/) and [OWASP guidelines](https://owasp.org/www-community/attacks/Path_Traversal).
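The class of bug described under Impact, shown as an added example that is not code from mindsdb or from the advisory: an unchecked join of a user-supplied `name` into a temporary directory, next to a containment check that rejects names resolving outside it. The function names, the sample names and the temporary directory are assumptions made for illustration.

```python
import os
import tempfile


def unsafe_upload_path(temp_dir: str, name: str) -> str:
    """Assumed form of the flawed pattern: the name is joined unchecked."""
    return os.path.join(temp_dir, name)


def safe_upload_path(temp_dir: str, name: str) -> str:
    """Return a path for `name` that is guaranteed to stay below temp_dir."""
    if not name or "\x00" in name:
        raise ValueError("empty or malformed file name")
    base = os.path.realpath(temp_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # commonpath() compares whole components, so "/tmp/up-x" is not taken
    # for a child of "/tmp/up" the way a startswith() check would take it.
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"file name escapes upload directory: {name!r}")
    return candidate


def escapes(temp_dir: str, path: str) -> bool:
    """True if `path` resolves to a location outside temp_dir."""
    base = os.path.realpath(temp_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) != base


# Constructed sample values for the `name` field (not taken from the advisory).
SAMPLE_NAMES = ["report.csv", "../outside.csv", "/abs/outside.csv",
                "sub/../../outside.csv"]


def demo() -> dict:
    """Map each name to (unsafe join escapes?, verdict of the safe helper)."""
    results = {}
    with tempfile.TemporaryDirectory() as temp_dir:
        for name in SAMPLE_NAMES:
            unsafe = unsafe_upload_path(temp_dir, name)
            try:
                safe_upload_path(temp_dir, name)
                verdict = "accepted"
            except ValueError:
                verdict = "rejected"
            results[name] = (escapes(temp_dir, unsafe), verdict)
    return results


if __name__ == "__main__":
    for name, (unsafe_escapes, verdict) in demo().items():
        print(f"{name!r}: unsafe join escapes={unsafe_escapes}, safe={verdict}")
```

No file is written; the example only computes and compares paths inside a throwaway directory.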
Metadata
Created: 2023-12-12T00:49:00Z
Modified: 2024-11-22T18:14:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-crhp-7c74-cg4c/GHSA-crhp-7c74-cg4c.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-crhp-7c74-cg4c
Finding: F184
Auto approve: 1