CVSS Score: -

Basic Information

CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -

Technology
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| pywbem | pip | < 0.8.1 | 0.8.1 |
The vulnerability stems from the use of two separate SSL connections in the wbem_request function. The first connection (using OpenSSL) validated the server certificate chain but omitted the hostname check, so a valid certificate issued for any other host would be accepted. The second connection (via httplib.HTTPSConnection), which actually carried the request, skipped validation entirely: the original HTTPSConnection implementation contained no validation logic. Because the connection that was checked was not the connection that was used, this created a time-of-check/time-of-use (TOCTOU) window. The patch removed the dual-connection approach and integrated validation into a single M2Crypto connection, confirming the wbem_request dual-connection logic and the unvalidated HTTPSConnection as the root cause.
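The following is an added illustration of the check-on-one-connection, request-on-another pattern described above and of its single-connection fix; it is constructed for this page and is not pywbem's code. It uses the standard-library ssl and http.client modules in place of OpenSSL/M2Crypto, and the audit_context and wbem_request_single_connection helpers are hypothetical names chosen here.

```python
# Constructed illustration of the pywbem dual-connection flaw; not pywbem's code.
# Standard-library ssl/http.client stand in for the OpenSSL and M2Crypto layers.
import http.client
import ssl


def validation_only_context() -> ssl.SSLContext:
    """Mirrors the first connection: chain validated, hostname never checked."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # the omission: any validly issued cert passes
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def unverified_context() -> ssl.SSLContext:
    """Mirrors the second (httplib.HTTPSConnection) connection: no validation at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(ca_file=None) -> ssl.SSLContext:
    """One context that validates the chain AND checks the hostname."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the weaknesses a reviewer would flag in a client-side TLS context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate validation disabled")
    if not ctx.check_hostname:
        findings.append("hostname check disabled")
    return findings


def wbem_request_single_connection(host, port, path, body, ca_file=None):
    """Fixed shape: the connection that was validated is the one that carries
    the request, so there is no window between the check and the use."""
    conn = http.client.HTTPSConnection(host, port, context=hardened_context(ca_file))
    conn.request("POST", path, body=body, headers={"Content-Type": "application/xml"})
    resp = conn.getresponse()
    data = resp.read()
    conn.close()
    return resp.status, data
```

audit_context reports one weakness for the first context, two for the second, and none for the hardened one, which is the property the patch restored by collapsing both connections into one validated session.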