{"data":{"id":"eb685754-a57f-44ae-a998-d6ca414453fc","title":"CVE-2024-45848: An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed","summary":"MindsDB versions 23.12.4.0 through 24.7.4.1 contain an arbitrary code execution vulnerability (the ability to run unwanted commands on a server) when the ChromaDB integration is installed. An attacker can craft a malicious 'INSERT' query containing Python code that gets executed on the server because the code is passed to an eval function (a function that runs text as if it were code).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-45848","publishedAt":"2024-09-12T17:15:13.437Z","cveId":"CVE-2024-45848","cweIds":["CWE-95","CWE-94"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["MindsDB","ChromaDB"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00438,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}