The commit diff explicitly adds `h.escape()` to multiple user-controlled fields across controllers, models and templates. These fields (first/last names, group/repo descriptions) were previously rendered without proper output encoding. This matches the classic stored XSS pattern, in which untrusted input is displayed in admin UIs without sanitization. Confidence is high because the patch itself is direct evidence: escaping was added to the previously vulnerable code paths.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Kallithea | pip | < 0.2.1 | 0.2.1 |
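
The missing output encoding described above can be caught with a regression check that plants a harmless canary in each stored field and confirms it never reaches the page unencoded. This is an added example, not Kallithea code: the renderers and field keys are hypothetical stand-ins, and the standard library's `html.escape()` stands in for the `h.escape()` helper named in the patch.

```python
import html

# Field names follow the advisory text; the keys themselves are assumed.
FIELDS = ("firstname", "lastname", "group_description", "repo_description")

# Constructed canary: inert markup characters that must never appear raw in output.
CANARY = '<i data-canary="x">&\'</i>'


def render_unescaped(record):
    """Pre-fix pattern: stored values are interpolated into HTML as-is."""
    cells = "".join("<td>%s</td>" % record[f] for f in FIELDS)
    return "<tr>%s</tr>" % cells


def render_escaped(record):
    """Post-fix pattern: every stored value is HTML-encoded at output time."""
    cells = "".join(
        "<td>%s</td>" % html.escape(record[f], quote=True) for f in FIELDS
    )
    return "<tr>%s</tr>" % cells


def unescaped_fields(render):
    """Return the fields whose canary value survives rendering unencoded."""
    leaked = []
    for field in FIELDS:
        record = {f: "plain" for f in FIELDS}
        record[field] = CANARY  # one field at a time, so a leak is attributable
        if CANARY in render(record):
            leaked.append(field)
    return leaked


if __name__ == "__main__":
    print("unescaped renderer leaks:", unescaped_fields(render_unescaped))
    print("escaped renderer leaks:  ", unescaped_fields(render_escaped))
```

Testing one field per pass matters here because the patch touched several code paths; a single combined check would pass or fail without showing which field still lacks encoding.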