The vulnerability stems from improper path validation during zip extraction. The commit diff shows three critical points in ZipUtil.java where file paths were constructed using zip entry names without checking for directory traversal sequences ('../'). The patched version added canonical path checks to prevent escaping the target directory. The Unpacker.process method handles entry extraction and was missing these checks in vulnerable versions, making it the primary vulnerable function. The Snyk vulnerability report and CVE description explicitly reference this method as the vulnerable code path.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.zeroturnaround:zt-zip | maven | < 1.13 | 1.13 |
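
The canonical path check described above, shown as an added example using only `java.util.zip`. This is not zt-zip's own code or its patch; the class and method names (`ZipSlipCheck`, `safeResolve`, `unpack`, `sampleZip`) are hypothetical, and the sample archives are constructed in memory.

```java
import java.io.*;
import java.nio.file.*;
import java.util.zip.*;

public class ZipSlipCheck {
    // Resolve an entry name under targetDir and reject any result outside it.
    // The trailing separator stops a sibling such as "out-evil" matching "out".
    static File safeResolve(File targetDir, String entryName) throws IOException {
        File dest = new File(targetDir, entryName);
        String root = targetDir.getCanonicalPath() + File.separator;
        if (!dest.getCanonicalPath().startsWith(root)) {
            throw new IOException("Entry escapes target dir: " + entryName);
        }
        return dest;
    }

    // Extract every entry, validating each destination before anything is written.
    static void unpack(InputStream in, File targetDir) throws IOException {
        try (ZipInputStream zis = new ZipInputStream(in)) {
            for (ZipEntry e; (e = zis.getNextEntry()) != null; ) {
                File dest = safeResolve(targetDir, e.getName());
                if (e.isDirectory()) { dest.mkdirs(); continue; }
                dest.getParentFile().mkdirs();
                Files.copy(zis, dest.toPath(), StandardCopyOption.REPLACE_EXISTING);
            }
        }
    }

    // Constructed sample archive built in memory (test fixture, not from the page).
    static byte[] sampleZip(String... names) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(bos)) {
            for (String n : names) {
                zos.putNextEntry(new ZipEntry(n)); // also closes the previous entry
                zos.write("data".getBytes());
            }
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        File target = Files.createTempDirectory("unpack").toFile();
        unpack(new ByteArrayInputStream(sampleZip("docs/readme.txt")), target);
        try {
            unpack(new ByteArrayInputStream(sampleZip("ok.txt", "../outside.txt")), target);
        } catch (IOException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

The check runs per entry, so entries that precede a rejected one have already been written when the exception is thrown. Unpack into a fresh directory and discard it on failure if the archive must be accepted or rejected as a whole.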