-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| rdiffweb | pip | < 2.5.0a4 | 2.5.0a4 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from insufficient input validation in user profile fields. The patches explicitly add regex validators (PATTERN_USERNAME, PATTERN_FULLNAME, PATTERN_EMAIL) to these form handlers, which were previously missing. Attackers could exploit the lack of validation to inject malicious redirect URLs into user-controlled fields. The CWE-601 context and commit message ('Enforce validation... for increase security') confirm this was the attack vector.
A Semantic Attack on Google Gemini - Read the Latest Research