-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from weak password complexity requirements in Raneto v0.17.0, but no specific password-handling functions are directly shown in the provided commit diff. The patch (v0.17.1) adds warnings in configuration files and documentation but does not modify password validation logic in code. The weakness likely resides in the absence of password policy enforcement functions (e.g., no checks for minimum length, complexity) during credential setup. However, the provided code changes focus on input sanitization and documentation, not password validation routines. Without explicit evidence of password-checking functions in the diff, we cannot confidently identify specific vulnerable functions.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| raneto | npm | <= 0.17.0 | 0.17.1 |
JavaScriptJavaScriptOngoing coverage of React2Shell