Basic Information
CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/zalando/skipper | go | < 0.13.218 | 0.13.218 |
The vulnerability stems from the lack of raw query validation before processing query parameters in routing predicates. The fix introduced the ValidateQueryHandler in net/query.go, which parses the raw query upfront using url.ParseQuery(). In vulnerable versions, this validation was missing, allowing attackers to craft queries (e.g., 'foo=bar;') that bypassed predicate checks like Query("foo"). The vulnerable code path was the default request handling flow, which did not include this validation step. The key issue was not a specific function but the absence of the validation middleware, which allowed malformed queries to reach predicate logic with improperly parsed parameters.
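To illustrate the validation step described above, here is an added Go example written for this page; it is not skipper's own net/query.go code. A hypothetical QueryValidationHandler parses the raw query with url.ParseQuery() before any predicate runs and rejects the request when parsing fails, while HasQueryParam is a toy stand-in for a Query("foo") predicate built on the lenient r.URL.Query(). It assumes Go 1.17 or later, where url.ParseQuery reports an error for a pair containing a semicolon, and the inputs "foo=bar", "a=1&foo=2" and "foo=bar;" are constructed test values.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// ValidateRawQuery parses the raw query string up front and returns the parse
// error, if any. Since Go 1.17, url.ParseQuery reports an error for a pair that
// contains a semicolon, so the constructed input "foo=bar;" fails here.
func ValidateRawQuery(rawQuery string) error {
	_, err := url.ParseQuery(rawQuery)
	return err
}

// QueryValidationHandler (hypothetical name, not skipper's handler) answers 400
// when the raw query does not parse cleanly, so malformed parameters never
// reach the routing predicates behind it.
func QueryValidationHandler(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if err := ValidateRawQuery(r.URL.RawQuery); err != nil {
			http.Error(w, "invalid query: "+err.Error(), http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// HasQueryParam is a toy stand-in for a Query("name") predicate: it reports
// whether the lenient parser behind r.URL.Query() saw the named key at all.
// r.URL.Query() discards the ParseQuery error and drops the offending pair.
func HasQueryParam(r *http.Request, name string) bool {
	_, ok := r.URL.Query()[name]
	return ok
}

// Probe sends a GET with the given raw query to a predicate-guarded backend,
// with or without the validation layer in front, and returns the status code.
func Probe(rawQuery string, validate bool) int {
	backend := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if HasQueryParam(r, "foo") {
			w.WriteHeader(http.StatusOK) // predicate matched
			return
		}
		w.WriteHeader(http.StatusNotFound) // no route matched
	})
	var h http.Handler = backend
	if validate {
		h = QueryValidationHandler(backend)
	}
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/?"+rawQuery, nil)
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// Constructed inputs: two well-formed queries and one with a stray semicolon.
	for _, q := range []string{"foo=bar", "a=1&foo=2", "foo=bar;"} {
		fmt.Printf("%-12q unvalidated=%d validated=%d\n",
			q, Probe(q, false), Probe(q, true))
	}
}
```

The unvalidated path shows why up-front parsing matters: for "foo=bar;" the lenient r.URL.Query() silently drops the pair, so the predicate sees no foo at all and the request falls through to whatever route comes next, whereas the validating handler surfaces the ParseQuery error and stops the request with 400 before any predicate is consulted.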