Davinci Project

davinci_project

3 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-31847 1Davinci Project 1Davinci Jan 22, 2025 May 17, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side.
CVE-2023-31848 1Davinci Project 1Davinci Jan 23, 2025 May 17, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF).
CVE-2023-24206 1Davinci Project 1Davinci Nov 21, 2024 Feb 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function.