| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:templating-engine | maven | <= 2.1 | 2.2 |
The vulnerability stemmed from missing Script Security Plugin integration. Key evidence includes:

1. The commit replaces custom `DslSandbox` and `GroovyShell` evaluation with `SecureGroovyScript` from the script-security plugin.
2. The deleted `DslSandbox` class shows prior reliance on incomplete security checks.
3. The `parse()` method's original flow (`GroovyShell` + custom sandbox) was replaced with script-security's approved evaluation mechanism.

These changes directly correlate with CWE-693 (Protection Mechanism Failure) by demonstrating insufficient security controls in the original implementation.