| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| yiisoft/yii2-dev | composer | = 2.0.12 | 2.0.13 |
| yiisoft/yii2 | composer | = 2.0.12 | 2.0.13 |
The vulnerability stems from unescaped output of `$exception->errorInfo` in the exception rendering view template used by the web error handler. The commit diff shows the vulnerable line was originally `<pre>Error Info: <?php print_r($exception->errorInfo, true) ?></pre>`, with no HTML encoding applied; the fix wraps that output in `$handler->htmlEncode()`. This code path is the root cause because it writes the driver-supplied error information of a database exception straight into the HTML response. That driver message can echo values taken from the request (for example the offending value of a failed query), so when debug mode is enabled and the detailed error report is rendered, an attacker who can trigger such an exception can inject markup and script into the page.
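To make the difference between the two template lines concrete, the following is an added example, not code from the Yii project or from the advisory. It assumes a PDO-style `errorInfo` array whose driver message echoes attacker-supplied input (the array is constructed here), and it stands in for `$handler->htmlEncode()` with a local `htmlEncode()` built on `htmlspecialchars()`, which is an assumption about the helper rather than a copy of Yii's implementation.

```php
<?php
// Added example: vulnerable 2.0.12 rendering beside the 2.0.13 fix.
// Not Yii's own code; the errorInfo below is constructed for the demo.

// Assumed stand-in for $handler->htmlEncode(): entity-encode everything that
// could open or close a tag or an attribute, treating the input as UTF-8.
function htmlEncode(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed PDO-shaped errorInfo: [SQLSTATE, driver code, driver message].
// The driver message repeats a request value verbatim, which is how attacker
// input ends up inside the error report.
$errorInfo = [
    '22007',
    1292,
    "Incorrect datetime value: '<script>alert(document.cookie)</script>' for column 'created_at'",
];

// Equivalent of the 2.0.12 template line: raw print_r() output inside <pre>.
function renderVulnerable(array $errorInfo): string
{
    return '<pre>Error Info: ' . print_r($errorInfo, true) . '</pre>';
}

// Equivalent of the 2.0.13 template line: same output, passed through htmlEncode().
function renderFixed(array $errorInfo): string
{
    return '<pre>Error Info: ' . htmlEncode(print_r($errorInfo, true)) . '</pre>';
}

$vuln  = renderVulnerable($errorInfo);
$fixed = renderFixed($errorInfo);

// The unescaped rendering carries a live <script> element to the browser;
// the encoded rendering shows the same text but as inert entities.
assert(strpos($vuln, '<script>') !== false);
assert(strpos($fixed, '<script>') === false);
assert(strpos($fixed, '&lt;script&gt;') !== false);

echo $vuln, PHP_EOL, PHP_EOL, $fixed, PHP_EOL;
```

Run it with `php -d zend.assertions=1 example.php` so the `assert()` calls are actually evaluated (PHP skips them when `zend.assertions` is `-1`, the usual production setting). The point to check in a real deployment is the second half of the advisory's condition: this template is only reached when the error handler renders the detailed exception page, so confirm that `YII_DEBUG` is off in production as well as upgrading to 2.0.13.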