CVE-2023-31847

In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
Affected Products (NVD)
VendorProductVersion
davinci_projectdavinci
0.3.0:rc
𝑥
= Vulnerable software versions
References
https://github.com/edp963/davinci/issues/2326
https://github.com/edp963/davinci/issues/2326