CVE-2024-3575: Cross-site Scripting (XSS) in mindsdb/mindsdb

April 16, 2024

When a user uploads a csv file that contains an javascript payload a Cross-site Scripting (XSS) is triggered when the file is viewed. This is true for both cloud version and OSS version.

References

github.com/advisories/GHSA-93c5-rj2p-w52x
github.com/mindsdb/mindsdb
huntr.com/bounties/5f720b48-ddeb-4f2a-830f-a3dd15d5daa2
nvd.nist.gov/vuln/detail/CVE-2024-3575

Detect and mitigate CVE-2024-3575 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →