{"id":"CVE-2024-24759","summary":"MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding","details":"MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.","aliases":["GHSA-4jcv-vp96-94xr","PYSEC-2024-74"],"modified":"2026-04-16T04:12:38.169356Z","published":"2024-09-05T16:30:38.659Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/24xxx/CVE-2024-24759.json","cwe_ids":["CWE-918"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/24xxx/CVE-2024-24759.json"},{"type":"ADVISORY","url":"https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24759"},{"type":"FIX","url":"https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mindsdb/mindsdb","events":[{"introduced":"0"},{"fixed":"5f7496481bd3db1d06a2d2e62c0dce960a1fe12b"}]}],"versions":["2.14.0","2.20.1","2.21.0","2.21.1","2.21.2","2.30.0","2.31.0","2.33.0","2.36.0","2.36.0v2","2.37.0","2.38.0","v0.8.8","v0.8.9.1","v1.0.6","v2.0.0","v2.1.0","v2.1.1","v2.1.2","v2.10.0","v2.10.2","v2.11.0","v2.11.1","v2.11.2","v2.14.0","v2.15.0","v2.17.1","v2.2.0","v2.2.1","v2.26.0","v2.27.0","v2.3.0","v2.30.1","v2.35.0","v2.39.0","v2.4.0","v2.40.0","v2.41.0","v2.41.1","v2.41.2","v2.42.0","v2.42.1","v2.42.2","v2.43.0","v2.44.0","v2.45.0","v2.45.1","v2.45.2","v2.5.0","v2.6.0","v2.6.1","v2.7.0","v2.7.1","v2.7.2","v2.8.0","v2.8.1","v2.8.3","v2.9.0","v2.9.1","v22.11.4.0","v22.11.4.1","v22.11.4.2","v22.11.4.3","v22.12.4.0","v22.12.4.2","v22.12.4.3","v22.5.1.2","v23.1.3.0","v23.1.3.1","v23.1.3.2","v23.1.5.0","v23.10.2.0","v23.10.3.1","v23.10.5.0","v23.11.1.0","v23.11.4.0","v23.11.4.1","v23.11.4.2","v23.12.4.0","v23.12.4.1","v23.2.1.0","v23.2.2.0","v23.2.2.1","v23.2.3.0","v23.2.3.1","v23.2.4.0","v23.2.4.1","v23.2.4.2","v23.2.4.3","v23.3.2.0","v23.3.3.0","v23.3.3.1","v23.3.3.2","v23.3.3.3","v23.3.3.4","v23.3.3.5","v23.3.4.0","v23.3.5.0","v23.4.3.0","v23.4.3.1","v23.4.3.2","v23.4.4.0","v23.4.4.1","v23.4.4.2","v23.4.4.3","v23.4.4.4","v23.5.3.1","v23.5.3.2","v23.5.4.1","v23.6.1.1","v23.6.2.0","v23.6.3.0","v23.6.3.1","v23.6.4.0","v23.6.5.0","v23.6.5.1","v23.7.1.0","v23.7.2.0","v23.7.3.0","v23.7.3.1","v23.7.4.0","v23.7.4.1","v23.8.1.0","v23.8.3.0","v23.9.1.0","v23.9.1.1","v23.9.2.0","v23.9.2.1","v23.9.3.0","v23.9.3.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24759.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"}]}