CVE-2023-31847

Published May 17th, 2023

View on NVD ↗

CVSS v3

6.5

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side.

edp963/davinci

Davinci is a DVsaaS (Data Visualization as a Service) Platform

GitHub

5.01K