| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| composio-core | pip | | |
The vulnerability is explicitly tied to the `WEBTOOL_SCRAPE_WEBSITE_CONTENT` endpoint. SSRF typically occurs when (1) user-controlled input is used to make backend requests and (2) no validation restricts URL schemes or IP ranges. The endpoint's purpose (website scraping) implies it takes URLs as input, and the impact (file access and AWS metadata leakage) confirms insufficient input validation. While the exact code isn't shown, the pattern matches classic SSRF in web request handlers.
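The two missing checks named above (a scheme allowlist and an IP-range check on every resolved address), written out as an added example; this is not composio-core's code or its actual fix. The function names and the injectable `resolver` parameter are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # rejects file://, gopher://, ftp://, ...


def is_public_ip(text):
    """True only for globally routable addresses."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False  # unparseable (e.g. scoped) addresses are treated as unsafe
    mapped = getattr(addr, "ipv4_mapped", None)  # unwrap ::ffff:a.b.c.d
    if mapped is not None:
        addr = mapped
    return addr.is_global


def check_scrape_url(url, resolver=socket.getaddrinfo):
    """Return (allowed, reason, ips) for a URL a scraper was asked to fetch."""
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port
    except ValueError:
        return False, "unparseable URL", []
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", []
    if not host:
        return False, "missing host", []
    port = port or (443 if scheme == "https" else 80)
    try:
        infos = resolver(host, port, type=socket.SOCK_STREAM)
    except (OSError, UnicodeError):
        return False, "host does not resolve", []
    ips = sorted({info[4][0] for info in infos})
    # Every resolved address must be public: one internal record is enough to
    # reach loopback, RFC 1918 hosts or the 169.254.169.254 metadata service.
    blocked = [ip for ip in ips if not is_public_ip(ip)]
    if blocked or not ips:
        return False, "resolves to non-public address", blocked
    # The caller should connect to one of these vetted IPs (not re-resolve the
    # name) and run every redirect target through this check again.
    return True, "ok", ips
```

Checking the resolved addresses rather than the hostname string is what catches a public-looking name that points at an internal address.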