| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Djblets | pip | < 0.7.30 | 0.7.30 |
| Djblets | pip | >= 0.8, < 0.8.3 | 0.8.3 |
The vulnerability description explicitly names json_dumps, the Djblets template filter that serialises a value as JSON for embedding in page JavaScript, as the source of the XSS flaw. The GitHub patch (commit 77a68c03cd619a0996f3f37337b8c39ca6643d6e) changes this function to escape the characters that matter inside an inline script block, using force_text().translate() with a custom escape map, so that serialised user data can no longer terminate the surrounding script element. The unit test added in tests.py confirms the vulnerability by showing that a payload containing an unescaped </script> sequence would have executed script before the fix. The CVE-2014-3994 documentation and the commit messages directly attribute the issue to insufficient escaping in json_dumps.
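The following is an added example, not code from the Djblets repository or the patch itself. It reproduces the class of bug described above in plain Python (no Django): a json_dumps-style helper whose output is pasted into an inline script block, beside a hardened variant that applies a str.translate() escape map. The three-character map (&, <, > to their \uXXXX JSON escapes) is an assumption made for this example; it is the idiomatic fix for this context and is decoded back to the original characters by any JSON parser, which is why it does not corrupt the data the way HTML entity escaping would.

```python
import json

# Vulnerable form: the serialised JSON goes into the page verbatim. json.dumps
# does not escape '<', '>' or '&', so a string value can close the <script>
# element the caller wrapped around it.
def json_dumps_unsafe(value, indent=None):
    return json.dumps(value, indent=indent)

# Escape map for this example (an assumption, not the project's exact table):
# characters that can end an inline script block or start HTML markup are
# replaced by their JSON \uXXXX escapes. JSON.parse and JS string literals
# read these back as the original characters, so the data is unchanged.
_SAFE_JS_ESCAPES = {
    ord('&'): '\\u0026',
    ord('<'): '\\u003C',
    ord('>'): '\\u003E',
}

# Hardened form: same serialisation, followed by the translate() pass.
def json_dumps_safe(value, indent=None):
    return json.dumps(value, indent=indent).translate(_SAFE_JS_ESCAPES)

# Minimal stand-in for a template that embeds the JSON in page JavaScript.
def render_script_tag(payload_json):
    return '<script>var data = %s;</script>' % payload_json

# Crude detector for the break-out: the HTML parser stops the script element
# at the first '</script>' it sees, so more than one occurrence means the
# embedded data escaped the script context.
def is_script_context_broken(html):
    return html.lower().count('</script>') > 1

# The hardened output must still decode to the original value.
def round_trips(value):
    return json.loads(json_dumps_safe(value)) == value

# Constructed attacker-controlled input for the demonstration.
CONSTRUCTED_PAYLOAD = {
    'name': '</script><script>alert(1)</script>',
}

if __name__ == '__main__':
    for label, dumper in (('unsafe', json_dumps_unsafe), ('safe', json_dumps_safe)):
        html = render_script_tag(dumper(CONSTRUCTED_PAYLOAD))
        print('%s: %s' % (label, html))
        print('  broke out of <script>: %s' % is_script_context_broken(html))
    print('safe output round-trips: %s' % round_trips(CONSTRUCTED_PAYLOAD))
```

Note that html.escape() is the wrong tool for this position: it would turn the `<` into `&lt;`, which a JSON parser rejects, whereas the \u003C form is valid JSON and decodes to `<` only after the browser has already delimited the script element.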