| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Radicale | pip | < 1.1 | 1.1 |

The vulnerability stems from improper input validation in the multifilesystem storage backend. Commit bcaf452 adds path safety checks to these two functions, which indicates that they previously handled user-controlled component names without proper sanitization. The functions passed the untrusted `name` parameter directly to `os.path.join` to construct filesystem paths, which allowed path traversal. The patch introduces `pathutils.is_safe_filesystem_path_component` validation to prevent this, confirming that these were the vulnerable entry points.
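
The difference between joining an untrusted name directly and validating it first, as an added example that is not Radicale's code or the patch itself. The storage root, the function names and the sample names are constructed for illustration, and `posixpath` is used so that the results are the same on every platform.

```python
import posixpath  # POSIX rules pinned for reproducible results (assumption)

STORAGE_ROOT = "/srv/caldav-demo/collections"  # constructed sample root


def is_safe_component(name):
    """Return True only if `name` is exactly one plain path component."""
    if not name or "\x00" in name:
        return False
    if posixpath.split(name)[0]:  # a separator means more than one component
        return False
    return name not in (posixpath.curdir, posixpath.pardir)


def unsafe_component_path(collection, name):
    """Pre-patch pattern from the description: join the untrusted name as-is."""
    return posixpath.normpath(posixpath.join(STORAGE_ROOT, collection, name))


def safe_component_path(collection, name):
    """Hardened pattern: reject the name before any path is built."""
    if not is_safe_component(name):
        raise ValueError("unsafe path component: %r" % (name,))
    return posixpath.join(STORAGE_ROOT, collection, name)


def escapes_collection(collection, path):
    """True if `path` resolves outside the collection's own directory."""
    base = posixpath.join(STORAGE_ROOT, collection) + "/"
    return not posixpath.normpath(path).startswith(base)


def audit(collection, names):
    """Map each name to (escapes when joined directly, accepted by the check)."""
    return {
        n: (escapes_collection(collection, unsafe_component_path(collection, n)),
            bool(is_safe_component(n)))
        for n in names
    }


# Constructed sample component names.
SAMPLES = ["event1.ics", "../../bob/cal/x.ics", "/etc/passwd", "..", "a/b.ics"]

if __name__ == "__main__":
    for name, (escapes, accepted) in audit("alice/cal", SAMPLES).items():
        print("%-24r escapes=%-5s accepted=%s" % (name, escapes, accepted))
```

The check also rejects `a/b.ics`, which stays inside the collection: the rule is "one component only", not "resolves under the root".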