CVSS Score: -

Basic Information

CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| bodhi | pip | <= 2.9.0 | 2.9.1 |
The vulnerability stems from the `bug_link` function in `util.py`, which built HTML links from raw `bug.title` values. The pre-patch code (`link = link + ' ' + bug.title`) applies no sanitization to the user-controlled bug title, so markup in a title is emitted into the page verbatim. The fix introduced `bleach.clean()` to sanitize the title, and the added test cases demonstrate XSS prevention by verifying that HTML in the title is escaped. This matches the CWE-79 pattern: improper neutralization of input during web page generation.
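The following is an added illustration, not code from the Bodhi project, that places the pre-patch concatenation pattern beside a hardened form and checks the output the way the advisory says the added tests do (by verifying escaping). It assumes a minimal stand-in `Bug` object, a constructed bug id and URL, and uses `html.escape()` from the standard library in place of `bleach.clean()` so it runs without extra dependencies; the real fix used bleach.

```python
import html
from dataclasses import dataclass


@dataclass
class Bug:
    """Constructed stand-in for Bodhi's bug object; only the fields the link needs."""
    bug_id: int
    title: str
    url: str


def _anchor(bug: Bug) -> str:
    """The link part is built from trusted fields; the URL is still attribute-escaped."""
    return f'<a href="{html.escape(bug.url, quote=True)}">#{bug.bug_id}</a>'


def bug_link_unsafe(bug: Bug) -> str:
    """Pre-patch shape (CWE-79): the user-controlled title is concatenated raw."""
    link = _anchor(bug)
    link = link + ' ' + bug.title  # no neutralization of bug.title
    return link


def bug_link_safe(bug: Bug) -> str:
    """Hardened shape: the title is neutralized before it reaches the page.

    Bodhi's fix used bleach.clean(); html.escape() is an assumed stand-in here so the
    example runs with the standard library alone.
    """
    link = _anchor(bug)
    return link + ' ' + html.escape(bug.title, quote=True)


def title_is_escaped(rendered: str, title: str) -> bool:
    """Mirror of the kind of check the advisory describes: the escaped title must be
    present and the raw title must not survive in the part that follows the anchor."""
    _, _, trailer = rendered.partition('</a> ')
    return trailer == html.escape(title, quote=True) and trailer != title


# Constructed sample: a title carrying markup, as a user could submit one.
SAMPLE_BUG = Bug(
    bug_id=1234,
    title='Crash on save <b>urgent</b>',
    url='https://bugs.example.invalid/1234',
)

if __name__ == '__main__':
    print('unsafe :', bug_link_unsafe(SAMPLE_BUG))
    print('safe   :', bug_link_safe(SAMPLE_BUG))
    print('escaped:', title_is_escaped(bug_link_safe(SAMPLE_BUG), SAMPLE_BUG.title))
```

Running the script shows the unsafe variant emitting the `<b>` tag into the fragment, while the hardened variant emits `&lt;b&gt;urgent&lt;/b&gt;` and passes the escaping check; a regression test in the style the advisory describes would assert exactly that on the hardened output.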