PyPI package
mindsdb
pkg:pypi/mindsdb
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-38699 | — | | | < 23.7.4.0 | 23.7.4.0 | Aug 4, 2023 | MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests librar |
| CVE-2023-30620 | — | | | < 23.2.1.0 | 23.2.1.0 | Apr 21, 2023 | mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using `tarfile.extractall()` from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended locatio |
| CVE-2022-23522 | — | | | < 22.11.4.3 | 22.11.4.3 | Mar 30, 2023 | MindsDB is an open source machine learning platform. An unsafe extraction is being performed using `shutil.unpack_archive()` from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a |
Page 2 of 2