CVSS Score: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mindsdb | pip | < 23.7.4.1 | 23.11.4.1 |

Note that the vulnerable range listed here (< 23.7.4.1) does not line up with the first patched version (23.11.4.1); confirm the affected range against the upstream advisory before relying on either value.
The core vulnerability is in the PUT handler for file uploads (`File.put`), where:

1. The user-controlled `name` parameter is used directly in file-path construction without sanitization.
2. File contents are written to disk (`f.write(chunk)`) before the format is validated.
3. Temporary-directory cleanup does not account for path traversal, so a file that was written outside the temporary directory is not removed.
4. Archive handling contains multiple additional path-injection points.

The NVD description and the code references to lines 122-125 and 138 in `file.py` confirm that this is the primary vulnerable function. The combination of CWE-22 (path traversal) and CWE-918 (server-side request forgery) manifests here as unvalidated user input reaching both file operations and external resource access.
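As an added illustration (this is not MindsDB's code and not the code at the cited lines of `file.py`), the following Python shows the pattern in points 1 and 2 next to a hardened form: a hypothetical `unsafe_upload_path` that joins the user-supplied name straight into the upload directory, and a `safe_upload_path` / `write_upload` pair that rejects directory components and unsupported extensions and confirms the resolved path stays inside the upload directory before any bytes are written. The allowed-extension set and the sample names are constructed for the demo.

```python
"""Added example (hypothetical, not MindsDB's code): user-controlled upload
name joined into a path, vulnerable form beside a hardened form."""
import os
import tempfile

# Constructed for the demo; the real product's accepted formats may differ.
ALLOWED_EXTENSIONS = {".csv", ".json", ".parquet"}


def unsafe_upload_path(temp_dir: str, name: str) -> str:
    """Vulnerable pattern: the request's 'name' goes straight into the path.
    os.path.join discards temp_dir when name is absolute, and '..' segments
    are never checked, so the file can land anywhere the process may write."""
    return os.path.join(temp_dir, name)


def safe_upload_path(temp_dir: str, name: str) -> str:
    """Hardened form: no directory components, an allowed extension, and a
    final containment check on the resolved path (symlinks included)."""
    basename = os.path.basename(name.replace("\\", "/"))
    if basename in ("", ".", "..") or basename != name:
        raise ValueError(f"rejected name: {name!r}")
    ext = os.path.splitext(basename)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"unsupported file type: {ext!r}")
    root = os.path.realpath(temp_dir)
    target = os.path.realpath(os.path.join(root, basename))
    if os.path.commonpath([root, target]) != root:
        raise ValueError("path escapes upload directory")
    return target


def write_upload(temp_dir: str, name: str, chunks) -> str:
    """Validate the name (and therefore the format) before any chunk is
    written; the vulnerable ordering writes first and validates afterwards."""
    target = safe_upload_path(temp_dir, name)
    with open(target, "wb") as f:
        for chunk in chunks:
            f.write(chunk)
    return target


def inside(root: str, path: str) -> bool:
    """True when path resolves to a location under root."""
    root = os.path.realpath(root)
    return os.path.realpath(path).startswith(root + os.sep)


def demo() -> dict:
    """Run constructed benign and traversal names through both variants."""
    sample_names = ["data.csv", "../../etc/cron.d/evil", "/tmp/x.csv", "shell.py"]
    results = {}
    with tempfile.TemporaryDirectory() as temp_dir:
        for name in sample_names:
            entry = {"unsafe_inside": inside(temp_dir, unsafe_upload_path(temp_dir, name))}
            try:
                write_upload(temp_dir, name, [b"a,b\n", b"1,2\n"])
                entry["safe"] = "written"
            except ValueError as exc:
                entry["safe"] = f"rejected: {exc}"
            results[name] = entry
    return results


if __name__ == "__main__":
    for name, entry in demo().items():
        print(f"{name!r}: unsafe path inside upload dir={entry['unsafe_inside']}, hardened={entry['safe']}")
```

The containment check uses `realpath` on both sides so that a symlinked upload directory (common with `/tmp` on macOS) does not produce a false rejection, and it runs before `open()`, which is the ordering fix for point 2: nothing reaches disk until the name has passed. Because the hardened path can only ever be `temp_dir/<basename>`, the temporary-directory cleanup in point 3 also becomes sufficient, since there is no longer a way to write outside the directory it removes.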