| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mosn.io/mosn | go | < 0.23.0 | 0.23.0 |

The vulnerability stems from improper case-sensitive handling of URL paths in JWT authorization checks. The GitHub issue (#1633) demonstrates that requests with case-varied paths (e.g., '/indeX' vs '/index') bypassed authentication. The fix in PR #1637 modified the prefix matching logic to use case-insensitive comparisons when configured, confirming the vulnerability existed in the original case-sensitive Matches function implementation.
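
The matching behaviour described above, as an added example that is not MOSN's own code: a case-sensitive prefix rule next to one with a case-insensitive option. The `rule` type, its `IgnoreCase` field and `requiresJWT` are hypothetical names, and the example assumes the service behind the proxy resolves both spellings to the same resource.

```go
package main

import (
	"fmt"
	"strings"
)

// rule is a hypothetical stand-in for a JWT requirement rule: any request
// path that starts with Prefix must carry a valid token.
type rule struct {
	Prefix     string
	IgnoreCase bool // hypothetical switch modelling "case-insensitive when configured"
}

// matches reports whether path falls under the rule's prefix.
func (r rule) matches(path string) bool {
	if r.IgnoreCase {
		// Fold both sides before comparing so '/indeX' and '/index' are equal.
		return strings.HasPrefix(strings.ToLower(path), strings.ToLower(r.Prefix))
	}
	// Byte-for-byte comparison: '/indeX' does not start with '/index'.
	return strings.HasPrefix(path, r.Prefix)
}

// requiresJWT returns true when at least one rule covers the path.
// A path that no rule covers is forwarded without a token check.
func requiresJWT(path string, rules []rule) bool {
	for _, r := range rules {
		if r.matches(path) {
			return true
		}
	}
	return false
}

func main() {
	strict := []rule{{Prefix: "/index"}}
	folded := []rule{{Prefix: "/index", IgnoreCase: true}}
	// Constructed sample paths; '/indeX' is the variant quoted in the advisory text.
	for _, p := range []string{"/index", "/indeX", "/public"} {
		fmt.Printf("%-8s case-sensitive=%v case-insensitive=%v\n",
			p, requiresJWT(p, strict), requiresJWT(p, folded))
	}
}
```

A regression test for a deployment can take the same shape: for every protected prefix, assert that a case-varied spelling of the path is still subject to the token check.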