| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| langchain-experimental | pip | >= 0.1.17, <= 0.3.0 | |
The vulnerability stems from LLMSymbolicMathChain's use of sympy.sympify(), which relies on Python's eval() to evaluate expressions. The GitHub advisory and the CVE description explicitly tie this function to eval injection, and the provided PoC demonstrates remote code execution through crafted input to sympify(), confirming that the chain hands untrusted input to an unsafe evaluator. The function that forwards user input to sympify() (likely _evaluate_expression in the chain's implementation) is the vulnerable entry point.
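As an added illustration of the defensive point (this is example code, not the advisory's PoC or langchain-experimental's own implementation), the gate below uses Python's `ast` module to accept only plain arithmetic before a string is allowed to reach sympy.sympify(); the allow-listed names and the gated_sympify wrapper are constructed for this example.

```python
import ast

# Constructed allow-list for this example: bare symbols and a few math functions.
ALLOWED_NAMES = {"x", "y", "pi", "E", "sqrt", "sin", "cos", "log", "exp"}
# Only these node types may appear: no attributes, subscripts, lambdas,
# comprehensions, conditionals or keyword arguments.
ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.Constant, ast.Name,
    ast.Call, ast.Load, ast.Add, ast.Sub, ast.Mult, ast.Div, ast.Pow,
    ast.Mod, ast.USub, ast.UAdd,
)


def is_safe_math_expression(text: str) -> bool:
    """Return True only if `text` is arithmetic over numeric literals,
    allow-listed names and positional calls to allow-listed functions."""
    try:
        tree = ast.parse(text, mode="eval")
    except (SyntaxError, ValueError, RecursionError):
        return False
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            return False
        if isinstance(node, ast.Constant) and type(node.value) not in (int, float):
            return False  # no strings/bytes/bools: keeps code text away from eval()
        if isinstance(node, ast.Name) and node.id not in ALLOWED_NAMES:
            return False
        if isinstance(node, ast.Call):
            if not isinstance(node.func, ast.Name) or node.keywords:
                return False  # only direct f(...) of an allow-listed name
    return True


def gated_sympify(text: str):
    """Hypothetical wrapper: validate first, then delegate to sympy.sympify().
    sympy is imported lazily so the gate itself has no dependency on it."""
    if not is_safe_math_expression(text):
        raise ValueError("expression rejected before reaching sympify()")
    import sympy
    return sympy.sympify(text)


if __name__ == "__main__":
    for sample in ["2*x + sqrt(y)", "(x + 1) ** 2", "x.real", "open('f')", "'s'"]:
        print(f"{sample!r:20} -> {is_safe_math_expression(sample)}")
```

The gate rejects anything it cannot positively classify as arithmetic; it does not try to enumerate dangerous constructs, which is the property a filter in front of an eval()-backed parser needs.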