| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| django | pip | >= 1.7, < 1.7.11 | 1.7.11 |
| django | pip | >= 1.9a1, < 1.9rc2 | 1.9rc2 |
| Django | pip | >= 1.8a1, < 1.8.7 | 1.8.7 |
The vulnerability stems from the unvalidated 'format_type' parameter of get_format(): the fix adds a check against FORMAT_SETTINGS so that only the predefined date/time-related format settings can be resolved. The commit diff modifies this function to add that restriction, the CVE description directly names get_format() as the attack vector, and the added test case (test_format_arbitrary_settings) confirms the mechanism.
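The following is an added example, not Django's code, that models the lookup described above before and after the fix. The settings object, its values, the 'INTERNAL_API_TOKEN' name and the FORMAT_SETTINGS subset are constructed for the demonstration; the post-fix branch mirrors the patched behaviour of returning an unknown format_type unchanged.

```python
"""Minimal model of get_format() before and after the FORMAT_SETTINGS check.

Not Django's implementation: settings values and the allowlist subset are
constructed for this example.
"""
from types import SimpleNamespace

# Constructed stand-in for django.conf.settings, mixing legitimate
# format settings with a sensitive, non-format setting.
settings = SimpleNamespace(
    DATE_FORMAT="N j, Y",
    TIME_FORMAT="P",
    INTERNAL_API_TOKEN="constructed-token-value",  # constructed, not real
)

# Allowlist of settings that get_format() may resolve (a subset of
# Django's FORMAT_SETTINGS, constructed for the example).
FORMAT_SETTINGS = frozenset({
    "DATE_FORMAT", "TIME_FORMAT", "DATETIME_FORMAT",
    "SHORT_DATE_FORMAT", "SHORT_DATETIME_FORMAT",
})


def get_format_vulnerable(format_type):
    """Pre-fix behaviour: the caller-supplied name is resolved against
    settings without validation, so any setting can be read back."""
    return getattr(settings, format_type)


def get_format_fixed(format_type):
    """Post-fix behaviour: names outside the allowlist are returned
    unchanged and therefore treated as a literal format string."""
    if format_type not in FORMAT_SETTINGS:
        return format_type
    return getattr(settings, format_type)


def leaks_setting(get_format, name):
    """Regression check: True when the lookup exposes the value of a
    setting that is not a format setting."""
    if name in FORMAT_SETTINGS:
        return False
    return get_format(name) == getattr(settings, name, None)


if __name__ == "__main__":
    print(get_format_vulnerable("DATE_FORMAT"), get_format_fixed("DATE_FORMAT"))
    print(leaks_setting(get_format_vulnerable, "INTERNAL_API_TOKEN"))  # True
    print(leaks_setting(get_format_fixed, "INTERNAL_API_TOKEN"))       # False
```

The leaks_setting() check is the shape of assertion test_format_arbitrary_settings makes against the real function: a non-format name must never resolve to a settings value.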