-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from two key issues: 1) The logging handler managed files without *.log extension validation, and 2) The log listing API endpoint exposed all files in log directories. The release notes explicitly mention adding *.log restrictions in 1.6.0, and the researcher's blog demonstrates exploiting file management to access SSH keys. These functions directly correspond to the described attack vectors (arbitrary file read via log management).
PythonPythonOngoing coverage of React2Shell
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| octoprint | pip | < 1.6.0 | 1.6.0 |