-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
PythonPython| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| llama-index-core | pip | < 0.10.38 | 0.10.38 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from the removed exec(f'from {module_import_str} import {cls_name}') line in download_integration(). This pattern allows arbitrary code execution if cls_name/module_import_str are controlled by an attacker, matching CWE-94. The commit explicitly removes this exec call as the fix, and all vulnerability descriptions directly reference this code pattern as the root cause.
Ongoing coverage of React2Shell