Eval on query parameters allows arbitrary code execution in ChromaDB integration

Products Impacted

This vulnerability is present in MindsDB versions v23.12.4.0 up to v24.7.4.1.

CVSS Score: 8.8

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE Categorization

CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)

Details

To exploit this, an attacker must be authenticated to a MindsDB instance that has the ChromaDB integration installed. The vulnerability exists because the value provided for the metadata column in an ‘INSERT’ statement is passed into an eval statement in the insert function in the mindsdb/integrations/handlers/chromadb_handler/chromadb_handler.py file (shown below – edited to only include the relevant sections).

def insert(self, table_name: str, data: pd.DataFrame):
        """
        Insert data into the ChromaDB database.
        """

        collection = self._client.get_or_create_collection(name=table_name)

        # drop columns with all None values

        data.dropna(axis=1, inplace=True)

        # ensure metadata is a dict, convert to dict if it is a string
        if data.get(TableField.METADATA.value) is not None:
            data[TableField.METADATA.value] = data[TableField.METADATA.value].apply(
                lambda x: x if isinstance(x, dict) else eval(x)
            )
...

The eval function appears to be used for parsing valid Python data types from arbitrary user input but has the side effect of enabling arbitrary code execution because Python code can be passed to it via the method explained above.