CVE-2023-30620: mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction
Summary
MindsDB, a platform for building AI solutions, has a vulnerability in older versions where it unsafely extracts files from remote archives using `tarfile.extractall()` (a Python function that unpacks compressed files). An attacker could exploit this to overwrite any file that the server can access, similar to known attacks called TarSlip or ZipSlip (path traversal attacks, where files are extracted to unexpected locations).
Solution / Mitigation
Upgrade to release 23.2.1.0 or later. The source explicitly states 'There are no known workarounds for this vulnerability,' so updating is the only mitigation mentioned.
Vulnerability Details
7.5(high)
EPSS: 1.2%
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-30620
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 85%