{"vulnerability": "CVE-2024-24759", "sightings": [{"uuid": "c2e64f98-54ef-4b24-9389-16111e818f7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24759", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lhcgtwozns2h", "content": "", "creation_timestamp": "2025-02-03T21:01:56.559546Z"}, {"uuid": "0b0ed1f6-4208-4331-b84d-c67a524ea221", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24759", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-24759.yaml", "content": "", "creation_timestamp": "2025-01-04T05:46:54.000000Z"}, {"uuid": "8eca93ff-c984-4cea-8038-2179465f6d48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24759", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/12508", "content": "\u200aMindsDB Fixes Critical CVE-2024-24759: DNS Rebinding Attack Bypasses Security Protections\n\nhttps://securityonline.info/mindsdb-fixes-critical-cve-2024-24759-dns-rebinding-attack-bypasses-security-protections/", "creation_timestamp": "2024-09-08T17:48:05.000000Z"}, {"uuid": "3a6663b4-5d52-421d-80ab-fc5c283fffd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24759", "type": "seen", "source": "https://t.me/cvedetector/4933", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-24759 - MindsDB Server-Side Request Forgery (SSRF) and Denial of Service (DoS)\", \n  \"Content\": \"CVE ID : CVE-2024-24759 \nPublished : Sept. 5, 2024, 5:15 p.m. | 26\u00a0minutes ago \nDescription : MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch. \nSeverity: 9.3 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T19:43:06.000000Z"}, {"uuid": "7133a35f-7b6c-4807-9670-342f5450b141", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24759", "type": "seen", "source": "https://t.me/CyberBulletin/580", "content": "\u26a1\ufe0fMindsDB Fixes Critical CVE-2024-24759: DNS Rebinding Attack Bypasses Security Protections.\n\n#CyberBulletin", "creation_timestamp": "2024-09-08T06:29:52.000000Z"}, {"uuid": "14b0e282-4bb2-4da6-9fdc-0df5e6f2e997", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24759", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/305", "content": "#exploit\n1. CVE-2024-7954:\nUnauth RCE in SPIP\nhttps://github.com/Chocapikk/CVE-2024-7954\n\n2. CVE-2024-0692:\nSolarWinds Security Event Manager AMF deserialization RCE\nhttps://exp10it.io/2024/03/solarwinds-security-event-manager-amf-deserialization-rce-cve-2024-0692\n\n3. CVE-2024-24759:\nBypass SSRF Protection with DNS Rebinding\nhttps://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr", "creation_timestamp": "2024-09-09T14:48:44.000000Z"}, {"uuid": "e3bf207a-5cf2-4734-b770-ef1272fb0ef8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24759", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/791", "content": "#exploit\n1. CVE-2024-7954:\nUnauth RCE in SPIP\nhttps://github.com/Chocapikk/CVE-2024-7954\n\n2. CVE-2024-0692:\nSolarWinds Security Event Manager AMF deserialization RCE\nhttps://exp10it.io/2024/03/solarwinds-security-event-manager-amf-deserialization-rce-cve-2024-0692\n\n3. CVE-2024-24759:\nBypass SSRF Protection with DNS Rebinding\nhttps://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr", "creation_timestamp": "2024-09-09T14:49:02.000000Z"}, {"uuid": "3a1f5c38-05af-4e56-b71d-4da4669f2420", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-24759", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11102", "content": "#exploit\n1. CVE-2024-7954:\nUnauth RCE in SPIP\nhttps://github.com/Chocapikk/CVE-2024-7954\n\n2. CVE-2024-0692:\nSolarWinds Security Event Manager AMF deserialization RCE\nhttps://exp10it.io/2024/03/solarwinds-security-event-manager-amf-deserialization-rce-cve-2024-0692\n\n3. CVE-2024-24759:\nBypass SSRF Protection with DNS Rebinding\nhttps://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr", "creation_timestamp": "2024-09-12T12:57:45.000000Z"}]}