CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| django-markupfield | pip | < 1.3.2 | 1.3.2 |
The vulnerability stems from insecure default settings in docutils' reStructuredText processing. The pre-patch version of `render_rest` in `markup.py` loaded only the user-defined `RESTRUCTUREDTEXT_FILTER_SETTINGS` and did not enforce the security-critical settings `raw_enabled=False` and `file_insertion_enabled=False`, so docutils' own defaults (both enabled) applied to untrusted markup. The commit diff explicitly shows these two settings being added to the overrides within `render_rest`, confirming this was the vulnerable function. The CWE-200 classification fits: with file insertion and raw pass-through enabled, the text processor can expose information it should not, which is an information exposure through unsecured text processing functionality.
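The override handling described above, as an added example that is not django-markupfield's own code: a minimal stand-in for `render_rest` with the pre-patch behaviour beside a hardened version, plus a small audit helper for checking a settings dict. The function and constant names are hypothetical, `USER_SETTINGS` is a constructed stand-in for `RESTRUCTUREDTEXT_FILTER_SETTINGS`, and applying the secure values after the user settings (so they cannot be re-enabled from configuration) is this example's choice, not something the page states about the patch.

```python
"""Pre-patch vs hardened docutils override handling (added example)."""
from typing import Any, Dict, Optional

# Constructed stand-in for settings.RESTRUCTUREDTEXT_FILTER_SETTINGS.
USER_SETTINGS: Dict[str, Any] = {"initial_header_level": 2}

# The two settings the fix adds to the overrides. docutils enables both by
# default, which is what made the pre-patch code unsafe on untrusted input.
SECURE_DEFAULTS: Dict[str, Any] = {
    "raw_enabled": False,              # disables the ".. raw::" directive
    "file_insertion_enabled": False,   # disables ".. include::" and similar
}


def vulnerable_overrides(user_settings: Optional[Dict[str, Any]]) -> Dict[str, Any]:
    """Pre-patch behaviour: pass through only what the user configured."""
    return dict(user_settings or {})


def hardened_overrides(user_settings: Optional[Dict[str, Any]]) -> Dict[str, Any]:
    """Patched behaviour: user settings first, secure values applied last
    so a misconfigured settings file cannot re-enable them (assumption)."""
    overrides = dict(user_settings or {})
    overrides.update(SECURE_DEFAULTS)
    return overrides


def unsafe_settings(overrides: Dict[str, Any]) -> list:
    """Config audit: return the names of the two settings that are not
    explicitly disabled, treating a missing key as docutils' default (enabled)."""
    return [name for name in SECURE_DEFAULTS if overrides.get(name, True) is not False]


def render_rest(markup: str, overrides: Dict[str, Any]) -> str:
    """Render reStructuredText to an HTML fragment with the given overrides.
    docutils is imported here so the override logic above runs without it."""
    from docutils.core import publish_parts

    parts = publish_parts(
        source=markup,
        writer_name="html4css1",
        settings_overrides=overrides,
    )
    return parts["fragment"]


if __name__ == "__main__":
    print("pre-patch leaves enabled:", unsafe_settings(vulnerable_overrides(USER_SETTINGS)))
    print("patched leaves enabled:  ", unsafe_settings(hardened_overrides(USER_SETTINGS)))
```

With docutils installed, rendering `.. include:: /etc/hostname` under `hardened_overrides` yields a system message instead of the file contents, which is the behaviour the fix restores.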