Basic Information

- CVSS Score: -
- CVE ID: -
- GHSA ID: -
- EPSS Score: -
- CWE: -
- Published: -
- Updated: -
- KEV Status: -
- Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| zenstruck/collection | composer | < 0.2.1 | 0.2.1 |
The vulnerability stemmed from the `find()` and `query()` methods accepting callable strings as a specification. The patch added `&& \is_object($specification)` to the existing `is_callable()` checks, so that only object callables (closures and invokable objects) are accepted and string-based callables are explicitly rejected. The commit diff shows these methods were modified in `EntityRepository.php`, and tests were added to verify that callable strings such as `'system'` are rejected. The CWE-74 classification confirms this is an injection vulnerability caused by improper input validation in these methods.