-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIA Semantic Attack on Google Gemini - Read the Latest Research
A Semantic Attack on Google Gemini - Read the Latest Research
Miggo AI
Miggo AIRoot Cause AnalysisThe vulnerability description explicitly identifies getObjectByToken as the entry point for the unserialize operation on untrusted Lucene search data. The GitHub commit 3cb2683 confirms the fix replaced unsafe unserialize() with JSON decoding, directly addressing this vulnerability. The PoC demonstrates exploitation via crafted tokens processed by this function. No other functions are implicated in the provided technical details.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| pimcore/pimcore | composer | >= 1.4.9, < 2.2.0 | 2.2.0 |