CVE-2023-49796: Improper Input Validation in mindsdb
(updated )
The put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which leads to path injection. This issue may lead to arbitrary file write. This vulnerability allows for writing files anywhere on the server that the filesystem permissions that the running server has access to.
References
- github.com/advisories/GHSA-crhp-7c74-cg4c
- github.com/mindsdb/mindsdb
- github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py
- github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe
- github.com/mindsdb/mindsdb/security/advisories/GHSA-crhp-7c74-cg4c
- github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2023-278.yaml
- nvd.nist.gov/vuln/detail/CVE-2023-49796
Detect and mitigate CVE-2023-49796 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →