| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| composio-core | pip | <= 0.5.6 | |

The vulnerability stems from the Calculator action's `execute` method (line 29 in `calculator.py`), which calls `eval()` on unvalidated user input (`request.operation`). This is a CWE-94 violation: a caller can inject code by passing a malicious payload where a mathematical expression is expected.

Multiple sources confirm the vulnerable pattern: 1) the GitHub code shows direct `eval()` usage, 2) the CVE description explicitly mentions this function and file, 3) the VulDB submission details the lack of input restrictions, and 4) the CVSS metrics align with code injection impacts. The combination of unsanitized `eval()` usage and explicit vulnerability reports gives high confidence in this identification.