| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.nepxion:discovery | maven | <= 6.16.2 | |
The vulnerability stems from `DiscoveryExpressionResolver.eval` evaluating user-controlled SpEL expressions in a `StandardEvaluationContext`, which exposes the full Java type system to the expression. This lets an attacker execute arbitrary code through a type-reference expression such as `T(java.lang.Runtime).getRuntime().exec()`. `StrategyResourceImpl.validateExpression` is the entry point that passes the untrusted input through to the vulnerable `eval` method. Both methods are explicitly referenced in the GHSL-2022-033 advisory, together with code snippets showing the injection flow.
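The contrast the advisory describes, as an added example rather than code from the Nepxion Discovery project: the same untrusted expression string is evaluated once in a `StandardEvaluationContext` (the vulnerable pattern) and once in Spring's `SimpleEvaluationContext` (available since Spring Framework 4.3.15 / 5.0.4), which resolves only property and variable access and rejects `T(...)` type references. The method names `evalWithStandardContext` and `evalWithRestrictedContext`, the variable map and the two sample expressions are constructed for this illustration; the type-reference sample deliberately calls a harmless static method so the example only shows how each context treats the construct.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Supplier;

import org.springframework.expression.EvaluationException;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;

// Added example, not the Nepxion Discovery code base: compares the two SpEL
// evaluation contexts on the same untrusted expression string.
public class SpelContextComparison {

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    /**
     * Vulnerable pattern (hypothetical name): StandardEvaluationContext resolves
     * T(...) type references, constructors and bean references, so an untrusted
     * expression gets full JVM access.
     */
    static Object evalWithStandardContext(String untrusted, Map<String, Object> vars) {
        StandardEvaluationContext ctx = new StandardEvaluationContext();
        ctx.setVariables(vars);
        return PARSER.parseExpression(untrusted).getValue(ctx);
    }

    /**
     * Hardened pattern (hypothetical name): SimpleEvaluationContext exposes only
     * read-only property access on the supplied data. Type references, constructors
     * and bean references throw an EvaluationException instead of resolving.
     */
    static Object evalWithRestrictedContext(String untrusted, Map<String, Object> vars) {
        SimpleEvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        vars.forEach(ctx::setVariable);
        return PARSER.parseExpression(untrusted).getValue(ctx);
    }

    public static void main(String[] args) {
        // Constructed sample: the kind of request-attribute map a routing rule evaluates.
        Map<String, Object> vars = new HashMap<>();
        vars.put("H", Collections.singletonMap("region", "eu"));

        // A legitimate routing predicate: plain variable/map access, valid in both contexts.
        String legit = "#H['region'] == 'eu'";
        // A type reference: the same SpEL construct the advisory describes, here pointed at a
        // harmless static method purely to show that the restricted context refuses it.
        String typeRef = "T(java.lang.Math).abs(-1)";

        for (String expr : new String[] { legit, typeRef }) {
            System.out.println("expr: " + expr);
            System.out.println("  standard   -> " + describe(() -> evalWithStandardContext(expr, vars)));
            System.out.println("  restricted -> " + describe(() -> evalWithRestrictedContext(expr, vars)));
        }
    }

    // Renders either the evaluation result or the rejection so both paths print one line.
    private static String describe(Supplier<Object> evaluation) {
        try {
            return String.valueOf(evaluation.get());
        } catch (EvaluationException e) {
            return "rejected (" + e.getClass().getSimpleName() + ": " + e.getMessage() + ")";
        }
    }
}
```

The predicate expression evaluates identically under both contexts, while the type-reference expression resolves under `StandardEvaluationContext` and is rejected with an `EvaluationException` under `SimpleEvaluationContext`, which is the behaviour a fix for this class of bug needs. Switching the context is the minimal change; where expressions only ever come from an operator-controlled configuration, not treating them as user input at all is the stronger fix.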