-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIA Semantic Attack on Google Gemini - Read the Latest Research
A Semantic Attack on Google Gemini - Read the Latest Research
Miggo AI
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| horizon | pip | < 8.0.0a0 | 8.0.0a0 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from unescaped user input in the 'help_text' attribute. The commit diff shows the fix adds Django's html.escape() to the 'Description' parameter in _build_parameter_fields(). This function's pre-patch version directly used untrusted input from heat templates, making it the clear injection point. The CVE description explicitly references the 'help_text' handling in the Field class, which aligns with this code location.