-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| langchain | pip | < 0.0.247 | 0.0.247 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from SQLDatabaseChain's handling of user prompts to generate SQL queries. The provided PoC demonstrates that crafted prompts can execute arbitrary SQL commands (like checking PostgreSQL settings). The chain's _call method directly executes generated SQL without validation, and from_llm creates vulnerable instances by default. The vulnerability was addressed in 0.0.247 by moving this functionality to langchain-experimental with added warnings, confirming these functions' roles in the exploit.