{"data":{"id":"365f0833-b03d-4857-bf15-6076e117c79a","title":"CVE-2024-45854: Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciou","summary":"CVE-2024-45854 is a vulnerability in MindsDB (a platform for building AI applications) versions 23.10.3.0 and newer where deserialization of untrusted data (converting data from an external format back into executable code without checking if it's safe) allows an attacker to upload a malicious model that runs arbitrary code (any commands the attacker wants) on the server when a describe query is executed on it.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-45854","publishedAt":"2024-09-12T13:15:14.900Z","cveId":"CVE-2024-45854","cweIds":["CWE-502","CWE-502"],"cvssScore":"7.1","cvssSeverity":"high","severity":"high","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["MindsDB"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00225,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}