-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIA Semantic Attack on Google Gemini - Read the Latest Research
A Semantic Attack on Google Gemini - Read the Latest Research
Miggo AI
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.gitblit:gitblit | maven | <= 1.9.3 |
Miggo AIRoot Cause AnalysisThe vulnerability manifests in resource handling via '/resources//../' patterns. In Java web applications, servlets typically map URL patterns to file system paths. The PoC shows traversal through WEB-INF/META-INF paths, which are protected directories. The double-slash and '../' sequence suggests inadequate path normalization in the resource-serving logic. The ResourceServlet class (common name pattern in Java web apps) would logically handle '/resources/*' requests. The vulnerability stems from directly using unsanitized URL-derived paths when accessing files, without resolving canonical paths or checking for directory escapes. This matches CWE-22's improper path limitation pattern.