-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
RubyRuby| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ldap_fluff | rubygems | < 0.4.0 | 0.4.0 |
Miggo AIRoot Cause AnalysisThe GitHub patch explicitly adds a check for empty/nil passwords in the authenticate? method. The vulnerability description matches this code change - allowing authentication bypass via unspecified vectors (empty password being the implied vector). The commit message 'Protect against passwordless auth' directly correlates with the CVE's authentication bypass description. The vulnerable version range (<0.4.0) corresponds to versions without this password presence check.
Ongoing coverage of React2Shell