-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
PythonPython| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| transformers | pip | >= 0, < 4.48.0 | 4.48.0 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from conversion scripts that process insecure file formats (e.g., pickle, .bin) using unsafe deserialization. The GitHub PR #35296 explicitly removes these scripts from release wheels to mitigate the risk, confirming they were the attack vector. While exact function names aren't provided in the advisory, the context strongly indicates conversion scripts for MobileViTV2 are the vulnerable components, as they handle untrusted data deserialization during model conversion.