| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| swift | pip | < 1.9.0 | 1.9.0 |

The vulnerability stems from the `account` variable being inserted unescaped into an XML response in `swift/account/server.py`. The GitHub patch adds `saxutils.escape(account)` to mitigate this, which confirms that the original code did not sanitize the value. The CWE-94 classification and the commit message both align with this code change, indicating high confidence in this function's role in the vulnerability.
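
The effect of the missing escape, as an added example that is not Swift's code: the listing layout, the function names and the sample account name are assumptions made for illustration. It goes one step beyond the page by also showing that `saxutils.escape` leaves double quotes alone, so a value placed in an attribute needs `saxutils.quoteattr` instead.

```python
import xml.etree.ElementTree as ET
from xml.sax import saxutils

# Constructed input: an account name that carries markup.
CRAFTED = 'AUTH_x</name><container><name>forged</name></container><name>'


def render(account, containers, escape_name):
    """Build a listing. Hypothetical layout, not Swift's real response."""
    name = saxutils.escape(account) if escape_name else account
    parts = ['<account>', '<name>%s</name>' % name]
    for c in containers:
        parts.append('<container><name>%s</name></container>'
                     % saxutils.escape(c))
    parts.append('</account>')
    return ''.join(parts)


def container_names(xml_text):
    """Containers as a client parsing the listing would see them."""
    root = ET.fromstring(xml_text)
    return [c.findtext('name') for c in root.findall('container')]


def account_name(xml_text):
    return ET.fromstring(xml_text).findtext('name')


def attr_with_escape(account):
    # escape() rewrites only & < >, so a double quote still ends the attribute.
    return '<account name="%s"/>' % saxutils.escape(account)


def attr_with_quoteattr(account):
    # quoteattr() picks the quoting and escapes as needed for attribute values.
    return '<account name=%s/>' % saxutils.quoteattr(account)


def attributes(xml_text):
    return dict(ET.fromstring(xml_text).attrib)


if __name__ == '__main__':
    print(container_names(render(CRAFTED, ['real'], False)))
    print(container_names(render(CRAFTED, ['real'], True)))
    print(attributes(attr_with_escape('a" owner="b')))
    print(attributes(attr_with_quoteattr('a" owner="b')))
```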