{"data":{"id":"9a4f3bb7-2468-49c3-8421-c18740338e15","title":"CVE-2024-45853: Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciou","summary":"CVE-2024-45853 is a vulnerability in MindsDB (a platform for building AI applications) versions 23.10.2.0 and newer where deserialization of untrusted data (the process of converting received data back into usable objects without checking if it's safe) allows an attacker to upload a malicious model that runs arbitrary code on the server when making predictions. This is a serious flaw because it gives attackers full control to execute whatever commands they want on the affected system.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-45853","publishedAt":"2024-09-12T13:15:14.643Z","cveId":"CVE-2024-45853","cweIds":["CWE-502","CWE-502"],"cvssScore":"7.1","cvssSeverity":"high","severity":"high","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["MindsDB"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00246,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}