cvelistv5 - CVE-2023-49795

▼	URL	Tags
	security-advisories@github.com	https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe	Patch
	security-advisories@github.com	https://github.com/mindsdb/mindsdb/security/advisories/GHSA-34mr-6q8x-g9r6	Vendor Advisory

▼	Vendor	Product
	mindsdb	mindsdb

pysec-2023-277

Vulnerability from pysec

Published

2023-12-11 19:15

Modified

2024-11-21 14:22

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in file.py. This can lead to limited information disclosure. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issue.

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "mindsdb",
        "purl": "pkg:pypi/mindsdb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8d13c9c28ebcf3b36509eb679378004d4648d8fe"
            }
          ],
          "repo": "https://github.com/mindsdb/mindsdb",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "23.11.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.6.5",
        "0.6.6",
        "0.6.7",
        "0.6.8",
        "0.6.9",
        "0.7.0",
        "0.7.1",
        "0.7.2",
        "0.7.3",
        "0.7.4",
        "0.7.5",
        "0.7.6",
        "0.7.7",
        "0.7.8",
        "0.7.9",
        "0.8.0",
        "0.8.1",
        "0.8.2",
        "0.8.3",
        "0.8.4",
        "0.8.5",
        "0.8.6",
        "0.8.7",
        "0.8.8",
        "0.8.9",
        "0.8.9.1",
        "0.8.9.2",
        "0.8.9.3",
        "0.8.9.4",
        "0.8.9.5",
        "0.8.9.6",
        "0.8.9.7",
        "0.8.9.8",
        "0.9.0.0",
        "0.9.0.1",
        "0.9.1.0",
        "0.9.2.0",
        "1.0",
        "1.0.1",
        "1.0.2",
        "1.0.3",
        "1.0.4",
        "1.0.5",
        "1.0.6",
        "1.0.7",
        "1.0.8",
        "1.0.9",
        "1.1.0",
        "1.1.2",
        "1.1.3",
        "1.1.7",
        "1.1.9",
        "1.10.0",
        "1.10.2",
        "1.10.3",
        "1.11.0",
        "1.11.2",
        "1.11.3",
        "1.11.4",
        "1.11.5",
        "1.11.8",
        "1.12.0",
        "1.12.1",
        "1.12.2",
        "1.12.3",
        "1.12.4",
        "1.12.5",
        "1.12.7",
        "1.12.8",
        "1.12.9",
        "1.13.0",
        "1.13.10",
        "1.13.11",
        "1.13.12",
        "1.13.15",
        "1.13.2",
        "1.13.3",
        "1.13.4",
        "1.13.5",
        "1.13.6",
        "1.13.7",
        "1.13.8",
        "1.13.9",
        "1.14.0",
        "1.14.1",
        "1.14.2",
        "1.14.3",
        "1.14.4",
        "1.15.1",
        "1.15.2",
        "1.15.6",
        "1.16.0",
        "1.16.1",
        "1.16.2",
        "1.17.0",
        "1.17.1",
        "1.17.2",
        "1.17.3",
        "1.17.4",
        "1.17.6",
        "1.17.8",
        "1.17.9",
        "1.18.0",
        "1.18.1",
        "1.18.2",
        "1.18.3",
        "1.18.5",
        "1.18.6",
        "1.18.7",
        "1.19.0",
        "1.19.1",
        "1.2.0",
        "1.2.1",
        "1.2.2",
        "1.2.3",
        "1.2.4",
        "1.2.5",
        "1.2.6",
        "1.2.8",
        "1.2.9",
        "1.20.0",
        "1.20.1",
        "1.21.0",
        "1.22.0",
        "1.23.0",
        "1.24.0",
        "1.24.1",
        "1.24.2",
        "1.25.0",
        "1.25.1",
        "1.25.2",
        "1.26.0",
        "1.26.1",
        "1.26.2",
        "1.26.3",
        "1.26.4",
        "1.26.5",
        "1.27.0",
        "1.27.1",
        "1.3.1",
        "1.3.2",
        "1.3.3",
        "1.3.4",
        "1.3.5",
        "1.3.6",
        "1.3.7",
        "1.4.0",
        "1.4.1",
        "1.4.10",
        "1.4.2",
        "1.4.3",
        "1.4.4",
        "1.4.5",
        "1.4.6",
        "1.4.7",
        "1.4.9",
        "1.5.0",
        "1.5.1",
        "1.5.2",
        "1.5.4",
        "1.6.0",
        "1.6.12",
        "1.6.13",
        "1.6.15",
        "1.6.17",
        "1.6.18",
        "1.6.3",
        "1.6.4",
        "1.6.5",
        "1.6.6",
        "1.6.7",
        "1.6.8",
        "1.7.0",
        "1.7.1",
        "1.7.10",
        "1.7.11",
        "1.7.12",
        "1.7.13",
        "1.7.14",
        "1.7.15",
        "1.7.16",
        "1.7.17",
        "1.7.18",
        "1.7.19",
        "1.7.2",
        "1.7.20",
        "1.7.21",
        "1.7.22",
        "1.7.23",
        "1.7.3",
        "1.7.5",
        "1.7.6",
        "1.7.7",
        "1.7.8",
        "1.7.9",
        "1.8.0",
        "1.8.2",
        "1.9.0",
        "1.9.1",
        "1.9.2",
        "1.9.3",
        "1.9.5",
        "1.9.6",
        "1.99.0",
        "1.99.1",
        "1.99.10",
        "1.99.11",
        "1.99.3",
        "1.99.4",
        "1.99.5",
        "1.99.6",
        "1.99.7",
        "1.99.8",
        "1.99.9",
        "2.0.0",
        "2.1.0",
        "2.1.2",
        "2.10.0",
        "2.10.1",
        "2.10.2",
        "2.11.0",
        "2.11.1",
        "2.11.2",
        "2.11.4",
        "2.12.0",
        "2.13.0",
        "2.13.1",
        "2.13.2",
        "2.13.3",
        "2.13.4",
        "2.13.5",
        "2.13.6",
        "2.13.7",
        "2.13.8",
        "2.14.0",
        "2.15.0",
        "2.17.1",
        "2.18.0",
        "2.19.0",
        "2.19.1",
        "2.19.2",
        "2.19.4",
        "2.19.5",
        "2.2.0",
        "2.2.1",
        "2.20.0",
        "2.20.1",
        "2.20.2",
        "2.21.0",
        "2.21.1",
        "2.21.2",
        "2.21.3",
        "2.22.0",
        "2.22.1",
        "2.22.2",
        "2.23.0",
        "2.24.0",
        "2.24.1",
        "2.25.0",
        "2.25.1",
        "2.25.2",
        "2.25.3",
        "2.26.0",
        "2.27.0",
        "2.28.0",
        "2.3.0",
        "2.30.0",
        "2.30.1",
        "2.31.0",
        "2.32.0",
        "2.33.0",
        "2.34.0",
        "2.35.0",
        "2.36.0",
        "2.37.0",
        "2.38.0",
        "2.39.0",
        "2.4.0",
        "2.40.0",
        "2.41.1",
        "2.41.2",
        "2.42.0",
        "2.42.1",
        "2.42.2",
        "2.43.0",
        "2.44.0",
        "2.45.0",
        "2.45.1",
        "2.45.2",
        "2.5.0",
        "2.50.0",
        "2.51.0",
        "2.51.1",
        "2.51.2",
        "2.52.0",
        "2.53.0",
        "2.54.0",
        "2.55.0",
        "2.55.1",
        "2.55.2",
        "2.56.0",
        "2.57.0",
        "2.58.0",
        "2.58.1",
        "2.58.2",
        "2.58.3",
        "2.59.0",
        "2.6.0",
        "2.6.1",
        "2.60.0",
        "2.60.1",
        "2.61.0",
        "2.62.0",
        "2.62.1",
        "2.62.2",
        "2.62.3",
        "2.62.4",
        "2.7.0",
        "2.7.1",
        "2.7.2",
        "2.8.0",
        "2.8.1",
        "2.8.3",
        "2.9.0",
        "2.9.1",
        "22.1.4.0",
        "22.1.4.1",
        "22.10.2.0",
        "22.10.2.1",
        "22.11.3.0",
        "22.11.3.2",
        "22.11.4.0",
        "22.11.4.1",
        "22.11.4.2",
        "22.11.4.3",
        "22.12.4.0",
        "22.12.4.2",
        "22.12.4.3",
        "22.2.1.0",
        "22.2.1.2",
        "22.2.2.0",
        "22.2.2.1",
        "22.2.4.0",
        "22.2.4.1",
        "22.3.1.0",
        "22.3.3.0",
        "22.3.4.0",
        "22.3.4.1",
        "22.3.4.2",
        "22.3.4.3",
        "22.3.5.0",
        "22.4.2.0",
        "22.4.2.1",
        "22.4.2.2",
        "22.4.3.0",
        "22.4.5.0",
        "22.5.1.0",
        "22.5.1.1",
        "22.5.1.2",
        "22.5.2.0",
        "22.5.4.0",
        "22.6.1.0",
        "22.6.1.1",
        "22.6.1.2",
        "22.6.2.0",
        "22.6.2.1",
        "22.6.2.2",
        "22.7.3.0",
        "22.7.3.1",
        "22.7.3.2",
        "22.7.3.3",
        "22.7.3.4",
        "22.7.4.0",
        "22.7.4.1",
        "22.7.5.0",
        "22.7.5.1",
        "22.8.2.0",
        "22.8.2.1",
        "22.8.3.0",
        "22.8.3.1",
        "22.8.4.0",
        "22.8.4.1",
        "22.8.5.0",
        "22.9.3.0",
        "22.9.3.1",
        "22.9.4.0",
        "22.9.5.1",
        "22.9.5.2",
        "22.9.5.3",
        "22.9.5.4",
        "23.1.3.0",
        "23.1.3.1",
        "23.1.3.2",
        "23.1.5.0",
        "23.10.2.0",
        "23.10.3.0",
        "23.10.3.1",
        "23.10.5.0",
        "23.11.1.0",
        "23.11.4.0",
        "23.2.1.0",
        "23.2.2.1",
        "23.2.3.0",
        "23.2.3.1",
        "23.2.4.0",
        "23.2.4.1",
        "23.2.4.2",
        "23.2.4.3",
        "23.3.2.0",
        "23.3.3.0",
        "23.3.3.1",
        "23.3.3.2",
        "23.3.3.3",
        "23.3.3.4",
        "23.3.3.5",
        "23.3.4.0",
        "23.3.5.0",
        "23.4.3.0",
        "23.4.3.1",
        "23.4.3.2",
        "23.4.4.0",
        "23.4.4.1",
        "23.4.4.2",
        "23.4.4.3",
        "23.4.4.4",
        "23.5.3.1",
        "23.5.3.2",
        "23.5.4.1",
        "23.6.1.1",
        "23.6.2.0",
        "23.6.3.0",
        "23.6.3.1",
        "23.6.4.0",
        "23.6.5.0",
        "23.6.5.1",
        "23.7.1.0",
        "23.7.2.0",
        "23.7.3.1",
        "23.7.4.0",
        "23.7.4.1",
        "23.8.1.0",
        "23.8.3.0",
        "23.9.1.0",
        "23.9.1.1",
        "23.9.2.0",
        "23.9.2.1",
        "23.9.3.0",
        "23.9.3.1"
      ]
    }
  ],
  "aliases": [
    "CVE-2023-49795",
    "GHSA-34mr-6q8x-g9r6"
  ],
  "details": "MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information disclosure. Users should use MindsDB\u0027s `staging` branch or v23.11.4.1, which contain a fix for the issue.\n",
  "id": "PYSEC-2023-277",
  "modified": "2024-11-21T14:22:54.391272+00:00",
  "published": "2023-12-11T19:15:00+00:00",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-34mr-6q8x-g9r6"
    },
    {
      "type": "FIX",
      "url": "https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

ghsa-34mr-6q8x-g9r6

Vulnerability from github

Published

2023-12-12 00:48

Modified

2024-11-22 18:14

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

Server-Side Request Forgery in mindsdb

Details

Impact

The put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled URL in the source variable and uses it to create arbitrary requests on line 115, which allows Server-side request forgery (SSRF). This issue may lead to Information Disclosure. The SSRF allows for forging arbitrary network requests from the MindsDB server. It can be used to scan nodes in internal networks for open ports that may not be accessible externally, as well as scan for existing files on the internal network. It allows for retrieving files with csv, xls, xlsx, json or parquet extensions, which will be viewable via MindsDB GUI. For any other existing files, it is a blind SSRF.

Patches

Use mindsdb staging branch or v23.11.4.1

References

GHSL-2023-182 SSRF prevention cheatsheet.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "mindsdb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "23.11.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-49795"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-12T00:48:48Z",
    "nvd_published_at": "2023-12-11T19:15:09Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nThe put method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled URL in the source variable and uses it to create arbitrary requests on line 115, which allows Server-side request forgery (SSRF). This issue may lead to Information Disclosure. The SSRF allows for forging arbitrary network requests from the MindsDB server. It can be used to scan nodes in internal networks for open ports that may not be accessible externally, as well as scan for existing files on the internal network. It allows for retrieving files with csv, xls, xlsx, json or parquet extensions, which will be viewable via MindsDB GUI. For any other existing files, it is a blind SSRF.\n \n### Patches\n\nUse mindsdb staging branch or v23.11.4.1\n\n### References\n\n* GHSL-2023-182\n[SSRF prevention cheatsheet](https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html).\n",
  "id": "GHSA-34mr-6q8x-g9r6",
  "modified": "2024-11-22T18:14:00Z",
  "published": "2023-12-12T00:48:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-34mr-6q8x-g9r6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49795"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mindsdb/mindsdb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2023-277.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Server-Side Request Forgery in mindsdb"
}

gsd-2023-49795

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information disclosure. Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue.

Aliases

CVE-2023-49795

Aliases

CVE-2023-49795

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-49795",
    "id": "GSD-2023-49795"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-49795"
      ],
      "details": "MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information disclosure. Users should use MindsDB\u0027s `staging` branch or v23.11.4.1, which contain a fix for the issue.\n",
      "id": "GSD-2023-49795",
      "modified": "2023-12-13T01:20:35.307743Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-49795",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "mindsdb",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 23.11.4.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "mindsdb"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information disclosure. Users should use MindsDB\u0027s `staging` branch or v23.11.4.1, which contain a fix for the issue.\n"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-918",
                "lang": "eng",
                "value": "CWE-918: Server-Side Request Forgery (SSRF)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-34mr-6q8x-g9r6",
            "refsource": "MISC",
            "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-34mr-6q8x-g9r6"
          },
          {
            "name": "https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe",
            "refsource": "MISC",
            "url": "https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-34mr-6q8x-g9r6",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C6B06EE4-0DFA-4550-AC4A-E16005231E2B",
                    "versionEndExcluding": "23.11.4.1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information disclosure. Users should use MindsDB\u0027s `staging` branch or v23.11.4.1, which contain a fix for the issue.\n"
          },
          {
            "lang": "es",
            "value": "MindsDB conecta modelos de inteligencia artificial con datos en tiempo real. Las versiones anteriores a la 23.11.4.1 contienen una vulnerabilidad de server-side request forgery en `file.py`. Esto puede conducir a una divulgaci\u00f3n limitada de informaci\u00f3n. Los usuarios deben utilizar la rama `staging` de MindsDB o la versi\u00f3n 23.11.4.1, que contiene una soluci\u00f3n para el problema."
          }
        ],
        "id": "CVE-2023-49795",
        "lastModified": "2023-12-14T16:46:43.917",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 1.4,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 2.5,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-12-11T19:15:09.070",
        "references": [
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Patch"
            ],
            "url": "https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-34mr-6q8x-g9r6"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-918"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

CVE-2023-49795

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature

Action not permitted

CVE-2023-49795

Vulnerability from cvelistv5

pysec-2023-277

Vulnerability from pysec

ghsa-34mr-6q8x-g9r6

Vulnerability from github

Impact

Patches

References

gsd-2023-49795

Vulnerability from gsd

Tags

Sightings

Nomenclature