CVE-2023-30620 – Arbitrary File Write when Extracting a Remotely retrieved Tarball in mindsdb/mindsdb
https://notcve.org/view.php?id=CVE-2023-30620
mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using `tarfile.extractall()` from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the vulnerability is called a TarSlip or a ZipSlip variant. An attacker may leverage this vulnerability to overwrite any local file which the server process has access to. • https://github.com/mindsdb/mindsdb/commit/4419b0f0019c000db390b54d8b9d06e1d3670039 https://github.com/mindsdb/mindsdb/releases/tag/v23.2.1.0 https://github.com/mindsdb/mindsdb/security/advisories/GHSA-2g5w-29q9-w6hx • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-23522 – Arbitrary File Write when Extracting Tarballs retrieved from a remote location using in mindsdb
https://notcve.org/view.php?id=CVE-2022-23522
MindsDB is an open source machine learning platform. An unsafe extraction is being performed using `shutil.unpack_archive()` from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a **TarSlip** or a **ZipSlip variant**. Unpacking files using the high-level function `shutil.unpack_archive()` from a potentially malicious tarball without validating that the destination file path remained within the intended destination directory may cause files to be overwritten outside the destination directory. • https://github.com/mindsdb/mindsdb/security/advisories/GHSA-7x45-phmr-9wqp • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •