The vulnerability stems from improper neutralization of formula elements in CSV output (CSV injection). The patch introduces `InvenTreeResource`, which overrides `export_resource` to strip dangerous leading characters from exported cell values. Prior to 0.7.2, admin resource classes such as `BuildResource` and `CompanyResource` inherited directly from `ModelResource`, which performs no such sanitization. The commit diff switches these resources to inherit from `InvenTreeResource`, confirming that the original parent class's `export_resource` was the vulnerable path. While no single function is named in the diff, the pattern of replacing the `ModelResource` inheritance indicates that the base `export_resource` method was the root cause.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| inventree | pip | < 0.7.2 | 0.7.2 |
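The following is an added illustration of the mitigation pattern the advisory describes, not InvenTree's own code or django-import-export's API: a stand-in base class whose `export_resource` performs no sanitization (the pre-0.7.2 behaviour), a subclass that overrides `export_resource` to strip formula-trigger prefixes, and a small checker that flags formula-like cells in an export. The base class, the `Part` model, the field names and the exact prefix set are assumptions.

```python
import csv
import io

# Characters that spreadsheet applications interpret as the start of a formula
# when they begin a cell. This set is an assumption based on common CSV-injection
# guidance; the page does not list the exact characters InvenTree strips.
FORMULA_PREFIXES = "=+-@\t\r"


def neutralize_cell(value):
    """Strip leading formula-trigger characters from a string cell.

    Non-string values are returned unchanged: a numeric cell is not parsed as a
    formula. Note that stripping alters data (a string "-5" becomes "5"); an
    alternative mitigation is prefixing such cells with a single quote.
    """
    if not isinstance(value, str):
        return value
    return value.lstrip(FORMULA_PREFIXES)


def is_formula_like(value):
    """True if a cell value would be interpreted as a formula by a spreadsheet."""
    return isinstance(value, str) and bool(value) and value[0] in FORMULA_PREFIXES


class ModelResourceStandIn:
    """Minimal stand-in (assumption) for django-import-export's ModelResource.

    export_resource returns one list of cell values per object with no
    sanitization, mirroring the vulnerable pre-0.7.2 parent class.
    """

    fields = ()

    def export_resource(self, obj):
        return [getattr(obj, f) for f in self.fields]


class SanitizedResource(ModelResourceStandIn):
    """Override export_resource to neutralize every exported cell, the shape
    the advisory attributes to InvenTreeResource (assumed, not the real class)."""

    def export_resource(self, obj):
        return [neutralize_cell(v) for v in super().export_resource(obj)]


class Part:
    """Constructed sample model with two exportable string fields."""

    def __init__(self, name, description):
        self.name = name
        self.description = description


class VulnerablePartResource(ModelResourceStandIn):
    fields = ("name", "description")


class PartResource(SanitizedResource):
    fields = ("name", "description")


def export_csv(resource, objects):
    """Render objects to CSV text using the resource's export_resource."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(resource.fields)
    for obj in objects:
        writer.writerow(resource.export_resource(obj))
    return buf.getvalue()


def find_formula_cells(csv_text):
    """Return (row, column) positions of formula-like cells in CSV text.

    Useful as a regression check on an export before it is handed to users.
    """
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if is_formula_like(cell):
                hits.append((r, c))
    return hits


if __name__ == "__main__":
    # Constructed sample: a benign formula-shaped description.
    parts = [Part("=1+1", "ok"), Part("resistor", "@10k")]
    print(export_csv(VulnerablePartResource(), parts))
    print(export_csv(PartResource(), parts))
```

Running the module prints the unsanitized export followed by the sanitized one; `find_formula_cells` returns an empty list for the latter, which is the property an export path should satisfy after the fix.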