| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| publify_core | rubygems | < 9.2.8 | 9.2.8 |
The vulnerability stems from the `comments_closed?` method in the Article model not including a `published?` check, so comments could be submitted on unpublished (draft) articles. The patch adds this check so that comments are blocked on any article that is not published. Supporting evidence:

1. Direct modification to the `comments_closed?` method in the diff.
2. Added test cases verifying that comments are blocked on draft articles.
3. CWE-863 mapping, indicating an authorization flaw in an access-control decision.
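The following is an added illustration, not Publify's own code: a minimal stand-in for the Article model that shows the authorization gap described above (the comment-closed decision ignoring publication state) next to the patched form that folds in the `published?` check, plus a small guard mirroring the added test cases. The attribute names `allow_comments` and `published`, the `comments_closed_vulnerable?` method name and the `accept_comment?` helper are assumptions for the example.

```ruby
# Added example (not from publify_core). Field names and helper names are
# assumptions; only comments_closed? and published? come from the advisory.
class Article
  attr_reader :title, :published, :allow_comments

  def initialize(title:, published:, allow_comments: true)
    @title = title
    @published = published
    @allow_comments = allow_comments
  end

  def published?
    published
  end

  # Vulnerable form (before 9.2.8): only the per-article comments flag is
  # consulted, so an unpublished draft still accepts comments.
  def comments_closed_vulnerable?
    !allow_comments
  end

  # Patched form: comments are also closed whenever the article is not
  # published, so drafts cannot receive comments regardless of the flag.
  def comments_closed?
    !published? || !allow_comments
  end
end

# Constructed sample articles covering the three relevant states.
DRAFT = Article.new(title: "draft", published: false)
LIVE = Article.new(title: "live", published: true)
LIVE_NO_COMMENTS = Article.new(title: "live-nc", published: true, allow_comments: false)

# Simulates the guard a comment-creation path would apply; `check` selects
# which comments_closed? variant is consulted so both can be compared.
def accept_comment?(article, check: :comments_closed?)
  !article.public_send(check)
end

if __FILE__ == $PROGRAM_NAME
  [DRAFT, LIVE, LIVE_NO_COMMENTS].each do |a|
    before = accept_comment?(a, check: :comments_closed_vulnerable?)
    after = accept_comment?(a)
    puts "#{a.title}: accepts comment before patch=#{before}, after patch=#{after}"
  end
end
```

The draft article is the case the added tests target: the vulnerable method lets a comment through because only `allow_comments` is consulted, while the patched method closes comments because `published?` is false. Published articles behave identically under both versions, which is why the change is purely an authorization tightening rather than a behaviour change for live content.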