{"id":"CVE-2023-49795","summary":"MindsDB Server-Side Request Forgery vulnerability","details":"MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information disclosure. Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue.\n","aliases":["GHSA-34mr-6q8x-g9r6","PYSEC-2023-277"],"modified":"2026-05-01T04:21:15.544990Z","published":"2023-12-11T19:01:00.946Z","database_specific":{"cwe_ids":["CWE-918"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/49xxx/CVE-2023-49795.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/49xxx/CVE-2023-49795.json"},{"type":"ADVISORY","url":"https://github.com/mindsdb/mindsdb/security/advisories/GHSA-34mr-6q8x-g9r6"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49795"},{"type":"FIX","url":"https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mindsdb/mindsdb","events":[{"introduced":"0"},{"fixed":"5ebab23447817abd8929fbcb3a225647207e3071"}]}],"versions":["2.14.0","2.20.1","2.21.0","2.21.1","2.21.2","2.30.0","2.31.0","2.33.0","2.36.0","2.36.0v2","2.37.0","2.38.0","v0.8.8","v0.8.9.1","v1.0.6","v2.0.0","v2.1.0","v2.1.1","v2.1.2","v2.10.0","v2.10.2","v2.11.0","v2.11.1","v2.11.2","v2.14.0","v2.15.0","v2.17.1","v2.2.0","v2.2.1","v2.26.0","v2.27.0","v2.3.0","v2.30.1","v2.35.0","v2.39.0","v2.4.0","v2.40.0","v2.41.0","v2.41.1","v2.41.2","v2.42.0","v2.42.1","v2.42.2","v2.43.0","v2.44.0","v2.45.0","v2.45.1","v2.45.2","v2.5.0","v2.6.0","v2.6.1","v2.7.0","v2.7.1","v2.7.2","v2.8.0","v2.8.1","v2.8.3","v2.9.0","v2.9.1","v22.11.4.0","v22.11.4.1","v22.11.4.2","v22.11.4.3","v22.12.4.0","v22.12.4.2","v22.12.4.3","v22.5.1.2","v23.1.3.0","v23.1.3.1","v23.1.3.2","v23.1.5.0","v23.10.2.0","v23.10.3.1","v23.10.5.0","v23.11.1.0","v23.11.4.0","v23.2.1.0","v23.2.2.0","v23.2.2.1","v23.2.3.0","v23.2.3.1","v23.2.4.0","v23.2.4.1","v23.2.4.2","v23.2.4.3","v23.3.2.0","v23.3.3.0","v23.3.3.1","v23.3.3.2","v23.3.3.3","v23.3.3.4","v23.3.3.5","v23.3.4.0","v23.3.5.0","v23.4.3.0","v23.4.3.1","v23.4.3.2","v23.4.4.0","v23.4.4.1","v23.4.4.2","v23.4.4.3","v23.4.4.4","v23.5.3.1","v23.5.3.2","v23.5.4.1","v23.6.1.1","v23.6.2.0","v23.6.3.0","v23.6.3.1","v23.6.4.0","v23.6.5.0","v23.6.5.1","v23.7.1.0","v23.7.2.0","v23.7.3.0","v23.7.3.1","v23.7.4.0","v23.7.4.1","v23.8.1.0","v23.8.3.0","v23.9.1.0","v23.9.1.1","v23.9.2.0","v23.9.2.1","v23.9.3.0","v23.9.3.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-49795.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}