{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T04:48:22.275","vulnerabilities":[{"cve":{"id":"CVE-2024-45848","sourceIdentifier":"6f8de1f0-f67e-45a6-b68f-98777fdb759c","published":"2024-09-12T13:15:13.437","lastModified":"2024-09-16T17:33:40.127","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server."},{"lang":"es","value":"Existe una vulnerabilidad de ejecución de código arbitrario en las versiones 23.12.4.0 a 24.7.4.1 de la plataforma MindsDB, cuando la integración de ChromaDB está instalada en el servidor. Si se ejecuta una consulta 'INSERT' especialmente manipulada que contiene código Python en una base de datos creada con el motor ChromaDB, el código se pasará a una función eval y se ejecutará en el servidor."}],"metrics":{"cvssMetricV31":[{"source":"6f8de1f0-f67e-45a6-b68f-98777fdb759c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"6f8de1f0-f67e-45a6-b68f-98777fdb759c","type":"Secondary","description":[{"lang":"en","value":"CWE-95"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*","versionStartIncluding":"23.12.4.0","versionEndExcluding":"24.7.4.1","matchCriteriaId":"43357792-2782-43E9-B0AD-0ED2909FCCBB"}]}]}],"references":[{"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","source":"6f8de1f0-f67e-45a6-b68f-98777fdb759c","tags":["Exploit","Third Party Advisory"]}]}}]}