CVSS Score
-
Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mindsdb | pip | >= 23.11.4.2, < 24.7.4.1 | 24.7.4.1 |
The vulnerability stems from the use of eval() on user-controlled input in multiple handler functions. The GitHub patch replaces eval() with ast.literal_eval() in the affected functions, confirming their role in the exploit. The HiddenLayer advisory links these functions to code execution via crafted queries (for example, UPDATE and INSERT operations). Each function passed untrusted query data to eval(), which satisfies the CWE-95 ('Eval Injection') criteria. Confidence in the CWE mapping is high because the commit directly modifies these functions and the advisory provides exploit details for each.
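The following is an added illustration of the vulnerable and patched patterns described above; it is not code from the mindsdb project or from the advisory. The function names, the benign value and the payload string are constructed for the example. It shows why a query parameter that reaches eval() is a code-execution sink, and why ast.literal_eval() rejects the same string while still parsing the literal the handler actually expects. The hardened wrapper also catches the errors literal_eval can raise on hostile input (malformed syntax, or deeply nested literals that exhaust the parser), which a practitioner should handle rather than let propagate.

```python
import ast

# Constructed sample inputs standing in for a parameter value taken from an
# UPDATE/INSERT query. The handler expects a Python literal such as a list.
BENIGN_VALUE = "[1, 2, 3]"
# Constructed payload: a Python expression, not a literal. Under eval() it
# executes (here side-effect free: it returns the current process id).
MALICIOUS_VALUE = "__import__('os').getpid()"


def parse_with_eval(value: str):
    """Vulnerable pattern (CWE-95): eval() on a string taken from the query.

    Any expression embedded in the query is executed with the privileges of
    the server process. Kept here only to contrast with the hardened form.
    """
    return eval(value)  # noqa: S307  (deliberately unsafe for illustration)


def parse_with_literal_eval(value: str):
    """Patched pattern: only Python literals (numbers, strings, tuples, lists,
    dicts, sets, booleans, None) are accepted; calls and attribute access are
    rejected with ValueError before anything runs."""
    return ast.literal_eval(value)


def safe_parse(value: str):
    """Hardened wrapper around literal_eval for untrusted input.

    Returns (True, parsed_value) for a valid literal and (False, error_name)
    otherwise. SyntaxError covers malformed text, ValueError covers
    non-literal nodes such as __import__(...), and RecursionError/MemoryError
    cover pathological nesting that literal_eval does not itself guard against.
    """
    try:
        return True, ast.literal_eval(value)
    except (ValueError, SyntaxError, RecursionError, MemoryError) as exc:
        return False, type(exc).__name__


def is_literal(value: str) -> bool:
    """Cheap pre-check: does the string parse to a pure literal?"""
    return safe_parse(value)[0]


if __name__ == "__main__":
    # Same benign input behaves identically under both parsers.
    print(parse_with_eval(BENIGN_VALUE), parse_with_literal_eval(BENIGN_VALUE))
    # The payload executes under eval() but is rejected by literal_eval().
    print(type(parse_with_eval(MALICIOUS_VALUE)).__name__)
    print(safe_parse(MALICIOUS_VALUE))
    print(is_literal("{'k': (1, 2.5, None)}"), is_literal("1 +"))
```

Note that literal_eval rejects the payload by raising, so a handler that swaps eval() for literal_eval() without catching ValueError turns a remote-code-execution bug into an unhandled exception; the wrapper above is the shape the calling code should take.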