Basic Information
CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
The vulnerability stemmed from SQLDatabaseChain turning untrusted user input into executable SQL. Its _call method handed the LLM-generated statement straight to the database without validating or constraining it, and from_llm was the constructor that built such chains. Because the model's output was trusted as code, an attacker who controlled the question (or other text the model saw) could use prompt injection to steer it into emitting arbitrary SQL, which the chain then executed with whatever privileges the configured database connection had. The fix commit removed the component from the main package entirely rather than attempting to harden it.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| langchain | pip | >= 0, < 0.0.247 | 0.0.247 |