-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| open-uri-cached | rubygems | <= 1.0.0 |
Miggo AIRoot Cause AnalysisThe vulnerability arises from two key issues: 1) Predictable temporary directory paths (/tmp/openuri-UID) allow attackers to create directories and inject malicious .meta files. 2) The get method uses unsafe YAML deserialization (YAML.load/YAML.unsafe_load) on these files, enabling code execution. The filename_from_url function directly contributes to the insecure path construction. Both functions are explicitly referenced in the advisory links and code snippets, confirming their role in the exploit chain.
A Semantic Attack on Google Gemini - Read the Latest Research