| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| yiisoft/yii2 | composer | < 2.0.11 | 2.0.11 |

The vulnerability was explicitly patched by adding HTML encoding via `$this->htmlEncode()` in the `renderRequest` method. The commit diff shows the critical line changing from returning raw request data wrapped in `<pre>` tags to returning properly encoded data. This method handles debug error page rendering, where user-controlled input (request parameters) is displayed, making it the direct attack vector. No other functions were modified in the security-related commit, and the CVE description specifically references mishandling of request data in debug exception screens.
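
The before/after behaviour described above, sketched as an added example; it is not Yii's source code. The function names and the sample request are hypothetical, and `htmlspecialchars()` stands in here for the framework's `htmlEncode()` helper.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for a debug page's request dump; not Yii's source.

/** Build the text dump of request data that a debug screen would display. */
function dumpRequest(array $request): string
{
    $out = '';
    foreach ($request as $name => $values) {
        if (!empty($values)) {
            $out .= '$' . $name . ' = ' . var_export($values, true) . ";\n\n";
        }
    }
    return rtrim($out, "\n");
}

/** Before: the dump is placed into the page verbatim. */
function renderRequestRaw(array $request): string
{
    return '<pre>' . dumpRequest($request) . '</pre>';
}

/** After: the dump is encoded for an HTML text context before it is wrapped. */
function renderRequestEncoded(array $request): string
{
    $dump = htmlspecialchars(dumpRequest($request), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<pre>' . $dump . '</pre>';
}

/** Regression check: no request value may open a tag inside the <pre> body. */
function bodyIsInert(string $html): bool
{
    $body = substr($html, strlen('<pre>'), -strlen('</pre>'));
    return strpos($body, '<') === false;
}

// Constructed sample request: a harmless tag stands in for user-supplied markup.
$request = ['_GET' => ['q' => '</pre><b>injected</b>'], '_POST' => []];

var_dump(bodyIsInert(renderRequestRaw($request)));
var_dump(bodyIsInert(renderRequestEncoded($request)));
echo renderRequestEncoded($request), "\n";
```

A check like `bodyIsInert()` can serve as a regression test for any error or debug template that echoes request parameters.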