CVE-2023-31847 Information

Description

In davinci 0.3.0-rc after logging in the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side.

Reference

https://github.com/edp963/davinci/issues/2326