MindsDB Security Update Advisory (CVE-2024-24759)

Sep 11 2024

Overview

An update has been released to address vulnerabilities in MindsDB. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-24759

MindsDB versions: ~ 23.12.4.2 (inclusive)

Resolved Vulnerabilities

Vulnerability that could allow an attacker to bypass server-side request forgery protection across an entire website using DNS Rebinding (CVE-2024-24759)

Vulnerability Patches

The following product-specific Vulnerability Patches have been made available in the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-24759

MindsDB version: 23.12.4.3

References

[1] CVE-2024-24759 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-24759

[2] Bypass SSRF Protection with DNS Rebinding

https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr

[3] MindsDB commit

https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b

MindsDB Security Update Advisory (CVE-2024-24759)

Siemens Product Security Update Advisory

MS Family September 2024 Routine Security Update Advisory

Tags:

Siemens Product Security Update Advisory

MS Family September 2024 Routine Security Update Advisory