Basic Information
CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
The vulnerability stemmed from four weaknesses in session handling: 1) sessions were only invalidated 24 hours after creation, rather than after 15 minutes of inactivity; 2) there was no tracking of session freshness, i.e. when a session was last used; 3) remember-me cookies were not bound to the user's password hash, so a password change did not invalidate them; 4) session signatures were not validated. The fixing commit introduced session touch tracking (a last-activity timestamp), password-hash-bound remember-me cookies, signature validation, and stricter cleanup of expired sessions, which indicates these were the vulnerable areas. The functions handling session lifecycle management and cookie encoding/validation were modified directly to address these flaws.
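The following Python sketch is an added illustration of the four controls described above (idle timeout on top of an absolute lifetime, last-activity tracking, remember-me cookies bound to the password hash, and constant-time signature validation). It is hypothetical code, not OctoPrint's implementation; the cookie format, the 30-day remember-me lifetime, the in-memory password-hash lookup and all function names are assumptions.

```python
"""Illustrative session / remember-me handling (hypothetical; not OctoPrint's code)."""
import hashlib
import hmac
import secrets
import time

IDLE_TIMEOUT = 15 * 60                  # seconds of inactivity before a session dies
ABSOLUTE_LIFETIME = 24 * 3600           # hard cap measured from creation, regardless of activity
REMEMBER_ME_LIFETIME = 30 * 24 * 3600   # assumed lifetime for remember-me cookies

# Constructed for the example; a real app would load a persisted secret from config.
SERVER_SECRET = secrets.token_bytes(32)


class Session:
    """A server-side session that records both creation time and last activity."""

    def __init__(self, user: str, now: float):
        self.user = user
        self.created = now
        self.touched = now  # last time an authenticated request used this session

    def touch(self, now: float) -> None:
        """Call on every authenticated request so the idle clock restarts."""
        self.touched = now

    def is_valid(self, now: float) -> bool:
        # Both limits must hold: idle timeout AND absolute lifetime from creation.
        idle_ok = (now - self.touched) < IDLE_TIMEOUT
        absolute_ok = (now - self.created) < ABSOLUTE_LIFETIME
        return idle_ok and absolute_ok


def cleanup_sessions(sessions: dict, now: float) -> dict:
    """Drop every session that is no longer valid; returns the surviving sessions."""
    return {sid: s for sid, s in sessions.items() if s.is_valid(now)}


def _sign(payload: bytes) -> str:
    return hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()


def make_remember_me_cookie(user: str, password_hash: str, now: float) -> str:
    """Cookie is 'user|expiry|sig'. The signature covers the current password hash,
    but the hash itself is never placed in the cookie."""
    expiry = int(now + REMEMBER_ME_LIFETIME)
    sig = _sign(f"{user}|{expiry}|{password_hash}".encode())
    return f"{user}|{expiry}|{sig}"


def validate_remember_me_cookie(cookie: str, lookup_password_hash, now: float):
    """Return the user name if the cookie is valid, else None.

    lookup_password_hash(user) must return the CURRENT stored hash (or None if the
    user is unknown). Recomputing the signature with the current hash means any
    password change silently invalidates every previously issued cookie.
    """
    try:
        user, expiry_s, sig = cookie.split("|")
        expiry = int(expiry_s)
    except ValueError:
        return None                      # malformed cookie
    if now >= expiry:
        return None                      # expired
    current_hash = lookup_password_hash(user)
    if current_hash is None:
        return None                      # unknown or deleted user
    expected = _sign(f"{user}|{expiry}|{current_hash}".encode())
    # Constant-time comparison so the signature cannot be guessed byte by byte.
    if not hmac.compare_digest(sig, expected):
        return None
    return user


if __name__ == "__main__":
    now = time.time()
    hashes = {"alice": "hash-v1"}        # constructed stand-in for a user store
    cookie = make_remember_me_cookie("alice", hashes["alice"], now)
    print("fresh cookie ->", validate_remember_me_cookie(cookie, hashes.get, now))
    hashes["alice"] = "hash-v2"          # simulate a password change
    print("after password change ->", validate_remember_me_cookie(cookie, hashes.get, now))
```

Note that the idle and absolute limits are checked together: a session that is touched every few minutes still dies 24 hours after creation, and an untouched one dies after 15 minutes even if it is only an hour old.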
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| OctoPrint | pip | < 1.8.3 | 1.8.3 |