-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIA Semantic Attack on Google Gemini - Read the Latest Research
A Semantic Attack on Google Gemini - Read the Latest Research
Miggo AI
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.craftercms:crafter-studio | maven | >= 3.1.0, < 3.1.18 | 3.1.18 |
Miggo AIRoot Cause AnalysisThe vulnerability explicitly involves FreeMarker static method exploitation. FreeMarker template engine configurations that enable access to static methods (particularly from java.lang.Runtime or similar classes) are a well-known attack vector for RCE. The advisory specifically calls out 'Improper Control of Dynamically-Managed Code Resources' (CWE-913), which aligns with insecure FreeMarker configuration management. While exact code isn't available, the pattern matches known FreeMarker RCE vulnerabilities where unsafe configuration settings permit static method access. The patched version (3.1.18) likely introduced stricter ClassResolver configurations or disabled unsafe built-ins.