{"data":{"id":"f16be145-02bb-44ef-90fd-966e2ab413aa","title":"CVE-2024-45852: Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a malicious","summary":"CVE-2024-45852 is a vulnerability in MindsDB (a platform for building AI applications) versions 23.3.2.0 and newer that allows deserialization of untrusted data (reconstructing program objects from incoming data that has not been validated, a step that can execute code embedded in that data). An attacker can upload a malicious model that runs arbitrary code (any commands they choose) on the server when someone interacts with it.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-45852","publishedAt":"2024-09-12T13:15:14.403Z","cveId":"CVE-2024-45852","cweIds":["CWE-502","CWE-502"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["MindsDB"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00246,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}