| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ml-logger | pip | <= 0.10.36 | |
The vulnerability lies in the `ml_logger/server.py` file, specifically within the `LoggingServer` class. Analysis of the GitHub issue and the source code confirms that the `stream_handler` function is vulnerable to arbitrary file reading: the user-controlled `key` parameter is used to construct a file path without sufficient sanitization, which is a path traversal vulnerability. An attacker can craft a request with a malicious `key` to read any file on the server's filesystem that the server process has read permission for. The PoC provided in the GitHub issue (`curl -X GET -H 'Content-Type: application/json' -d '{"key":"//proc/self/cmdline"}' http://127.0.0.1:8081/stream`) demonstrates this clearly. The `glob_handler` function is vulnerable in the same way through its `wd` parameter, which lets an attacker list the contents of arbitrary directories. The root cause is the `abs_path` function, which does not prevent the resolved path from escaping the logging directory. The identified functions, `LoggingServer.stream_handler`, `LoggingServer.glob_handler`, and `LoggingServer.abs_path`, would all appear in a runtime profile during exploitation of this vulnerability.
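The confinement check that the advisory says `abs_path` lacks, as an added example that is not ml-logger's own code: a client-supplied `key` (or `wd`) is resolved against a fixed logging root and rejected whenever the canonical result lands outside that root, which covers `../` sequences, absolute paths such as `//proc/self/cmdline`, and symlinks that point out of the root. `LOG_ROOT`, `safe_abs_path` and `is_confined` are assumed names introduced here.

```python
import os

# Constructed example root; in a real deployment this is the server's log directory.
LOG_ROOT = "/var/lib/ml-logger"


class PathTraversalError(ValueError):
    """Raised when a client-supplied path would escape the logging root."""


def safe_abs_path(root: str, key: str) -> str:
    """Resolve `key` relative to `root`, refusing anything outside it.

    Hypothetical hardened replacement for an unconfined join (not the project's
    own abs_path). os.path.join drops `root` entirely when `key` is absolute,
    and `..` segments can climb out of it; realpath canonicalises both the root
    and the candidate (following symlinks), and commonpath then tells us whether
    the candidate still sits under the root.
    """
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, key))
    try:
        inside = os.path.commonpath([root_real, candidate]) == root_real
    except ValueError:
        # Raised when the two paths cannot share a prefix (e.g. different drives).
        inside = False
    if not inside:
        raise PathTraversalError(f"key {key!r} resolves outside the logging root")
    return candidate


def is_confined(root: str, key: str) -> bool:
    """Boolean form of the check, convenient for request validation and tests."""
    try:
        safe_abs_path(root, key)
    except PathTraversalError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample keys: the first is a normal run artefact, the rest are
    # the shapes of input the advisory describes.
    for key in ("runs/exp1/metrics.pkl", "//proc/self/cmdline", "../../etc/passwd"):
        print(f"{key!r:28} -> {'allowed' if is_confined(LOG_ROOT, key) else 'rejected'}")
```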