-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| buildbot | pip | >= 0.9.0, < 1.8.1 | 1.8.1 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from unsanitized user input in redirect URLs. The pre-patch code in resource.py's Redirect class and RedirectResource directly used user-controlled 'redirect' parameters without CRLF stripping. The commit adds protect_redirect_url() to sanitize these inputs, and modifies both the Redirect constructor and RedirectResource.render to use it. The added test cases specifically validate CRLF stripping in these code paths, confirming these were the vulnerable functions.