CVE-2024-45846
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-45846 is a high-severity arbitrary code execution vulnerability affecting MindsDB versions 23.10.3.0 to 24.7.4.1 when the Weaviate integration is installed. The vulnerability allows an attacker to execute arbitrary Python code on the server by crafting a malicious 'SELECT WHERE' clause against a database utilizing the Weaviate engine, posing significant risks to confidentiality, integrity, and availability of organizational data. Remediation involves updating MindsDB to a secure version beyond 24.7.4.1 or disabling the Weaviate integration if an upgrade cannot be performed immediately. The potential impact includes unauthorized access and control over server resources, which can lead to data breaches or service disruptions. Organizations should prioritize addressing this vulnerability due to its low complexity and lack of required user interaction for exploitation, as indicated by its CVSS base score of 8.8.
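A version-range triage for the remediation guidance above, as an added example that is not MindsDB's or the advisory publisher's code: it reads `pip freeze`-style lines and reports whether a host falls in the affected range. The function names and sample inventory are constructed, and treating the `weaviate-client` package as the sign of an installed Weaviate integration is an assumption.

```python
import re

AFFECTED_MIN = (23, 10, 3, 0)  # first affected MindsDB version (from the advisory)
AFFECTED_MAX = (24, 7, 4, 1)   # last affected MindsDB version (from the advisory)
# Assumption: the Weaviate integration is visible as this client package.
WEAVIATE_MARKER = "weaviate-client"


def parse_version(text):
    """Turn '24.7.4.1' into (24, 7, 4, 1); shorter versions are zero-padded."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in m.group(0).split(".")][:4]
    return tuple(parts + [0] * (4 - len(parts)))


def parse_freeze(lines):
    """Map normalised package name -> version from 'name==version' lines."""
    pkgs = {}
    for line in lines:
        m = re.match(r"^\s*([A-Za-z0-9._-]+)\s*==\s*([0-9][^\s;#]*)", line)
        if m:
            # Normalise the name so 'Weaviate_Client' and 'weaviate-client' match.
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()
            pkgs[name] = m.group(2)
    return pkgs


def triage(lines):
    """Classify one host's package inventory against CVE-2024-45846."""
    pkgs = parse_freeze(lines)
    if "mindsdb" not in pkgs:
        return "not-installed"
    if not AFFECTED_MIN <= parse_version(pkgs["mindsdb"]) <= AFFECTED_MAX:
        return "outside-affected-range"
    if WEAVIATE_MARKER in pkgs:
        return "affected"
    # Still worth upgrading: the integration could be added later.
    return "in-range-no-weaviate"


if __name__ == "__main__":
    # Constructed sample inventory, not taken from a real host.
    sample = ["mindsdb==24.7.4.1", "weaviate-client==3.24.2", "requests==2.31.0"]
    print(triage(sample))
```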