| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| swiftmailer/swiftmailer | composer | < 5.4.5 | 5.4.5 |
The vulnerability occurs in the mail transport, where user-controlled email addresses (From/ReturnPath/Sender) are passed to PHP's mail() without proper sanitization. The send() method builds the extra command-line parameters using _getReversePath(), which retrieves the sender address from the message headers. Pre-patch versions did not validate these addresses for dangerous shell characters, so a syntactically valid address containing escaped quotes could still inject additional arguments. The CHANGES file confirms that the security fix in 5.4.5 specifically targets mail transport argument sanitization.
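As an added illustration (not SwiftMailer's own code or its actual patch), the following PHP shows the guard a caller can put in front of the pattern described above: the sender address is validated and, if it contains anything outside a strict character set, the -f parameter is dropped rather than passed into mail()'s additional_parameters. The function names are hypothetical.

```php
<?php
// Added example, not SwiftMailer code: checking a reverse path before it is
// used as the "-f" value in mail()'s additional_parameters.

/**
 * Return a safe "-f<address>" argument for mail(), or null when the address
 * must not be placed on the sendmail command line at all.
 */
function safeReversePathArg(string $reversePath): ?string
{
    // 1. Reject anything that is not a syntactically valid address.
    if (filter_var($reversePath, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // 2. Syntactic validity is not enough: RFC-valid local parts may be quoted
    //    and may carry spaces, quotes and backslashes, which is exactly what
    //    the pre-5.4.5 transport let through. Allow only a conservative
    //    character set so no shell metacharacters or option separators remain.
    if (!preg_match('/^[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}$/', $reversePath)) {
        return null;
    }
    // 3. Quote the argument as well; the allow-list above makes this a
    //    second line of defence rather than the only one.
    return '-f' . escapeshellarg($reversePath);
}

/**
 * Hardened equivalent of the vulnerable pattern
 *     mail($to, $subject, $body, $headers, '-f' . $reversePath);
 * When the address fails validation the envelope sender is simply omitted
 * and the MTA's default is used, instead of passing unvalidated input.
 */
function sendWithReversePath(string $to, string $subject, string $body,
                             string $headers, string $reversePath): bool
{
    $extra = safeReversePathArg($reversePath);
    return mail($to, $subject, $body, $headers, $extra ?? '');
}

// Constructed inputs: the first is accepted, the others are refused because
// the quoted local part and the apostrophe fall outside the allow-list even
// though filter_var() accepts both as valid addresses.
var_dump(safeReversePathArg('alice@example.com'));
var_dump(safeReversePathArg('"a b"@example.com'));
var_dump(safeReversePathArg("bob'@example.com"));
```

The same check applies to any header-derived value (From, Return-Path, Sender) that ends up in a command-line argument, not only to the reverse path.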