CVE-2024-24759
MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding
CVSS 3.1: 9.3 CRITICAL
EPSS: 80.8%
Description
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.
How to fix CVE-2024-24759
To remediate CVE-2024-24759, upgrade the affected package to one of the fixed versions below.
- Upgrade to 23.12.4.2 or later
- Upgrade to 5f7496481bd3db1d06a2d2e62c0dce960a1fe12b or later
Is CVE-2024-24759 being exploited?
Likely — EPSS is 80.8%, placing CVE-2024-24759 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 23.12.4.2
- from 0, < 5f7496481bd3db1d06a2d2e62c0dce960a1fe12b | from 0, < 23.12.4.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L |
| osv | CVSS 3.1 | CRITICAL 9.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L |