-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIA Semantic Attack on Google Gemini - Read the Latest Research
A Semantic Attack on Google Gemini - Read the Latest Research
Miggo AI
Miggo AIRoot Cause AnalysisThe vulnerability stems from improper access control in temporary file handling. The file_download function is central to file access checks and would logically require validation of temporary file ownership. The file_usage_add function's role in tracking file associations likely contributed to the bypass. While the exact patch details are unavailable, Drupal's security advisory (SA-CORE-2016-001) and CWE-284 alignment strongly implicate these core File module functions responsible for access enforcement during pre-submission file handling.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| drupal/core | composer | >= 7.0, < 7.43 | 7.43 |
| drupal/core | composer | >= 8.0, < 8.0.4 | 8.0.4 |
| drupal/drupal | composer | >= 8.0, < 8.0.4 | 8.0.4 |
| drupal/drupal | composer | >= 7.0, < 7.43 | 7.43 |