CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.codehaus.plexus:plexus-utils | maven | < 3.0.24 | 3.0.24 |
The vulnerability is explicitly tied to the writeComment method in the commit diff and the advisory descriptions. The patch adds sanitization loops that remove '<!--' and '-->' sequences from the comment text; vulnerable versions performed no such sanitization. The CWE-91 (XML Injection) mapping confirms this is an injection vulnerability caused by improper comment handling in XML generation.
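To make the fix concrete, the following is an added, self-contained Java example (not plexus-utils code) that contrasts an unsanitized comment writer with a loop-based sanitizer of the kind the patch introduces, and includes a simple well-formedness check a defender can apply to generated output. The class, method names and the sample input are all constructed for illustration.

```java
public class CommentSanitizerDemo {

    // Simplified model of the unpatched behaviour: the text is wrapped without
    // inspection, so a "-->" inside it closes the comment early and whatever
    // follows is emitted as live markup.
    static String writeCommentUnsanitized(String comment) {
        return "<!-- " + comment + " -->";
    }

    // Loop-based sanitization in the spirit of the 3.0.24 fix. A single
    // replace() is not enough: removing one occurrence can splice the
    // surrounding characters into a fresh delimiter (e.g. "<!<!----" becomes
    // "<!--" after one pass), so repeat until no delimiter remains.
    static String stripCommentDelimiters(String comment) {
        String s = comment;
        while (s.contains("<!--")) {
            s = s.replace("<!--", "");
        }
        while (s.contains("-->")) {
            s = s.replace("-->", "");
        }
        return s;
    }

    static String writeCommentSanitized(String comment) {
        return "<!-- " + stripCommentDelimiters(comment) + " -->";
    }

    // Defender-side check on generated output: exactly one opening delimiter
    // at the start and exactly one closing delimiter at the very end.
    static boolean isSingleComment(String out) {
        return out.startsWith("<!--")
            && out.endsWith("-->")
            && out.indexOf("<!--", 1) < 0
            && out.indexOf("-->") == out.length() - 3;
    }

    public static void main(String[] args) {
        // Constructed sample: comment text that carries its own delimiters.
        String untrusted = "version 1.2 --><note/><!-- ";
        String bad = writeCommentUnsanitized(untrusted);
        String good = writeCommentSanitized(untrusted);
        System.out.println(bad + "  single comment? " + isSingleComment(bad));   // false
        System.out.println(good + "  single comment? " + isSingleComment(good)); // true
        // Why a loop: one pass over "<!<!----" would leave "<!--" behind.
        System.out.println("[" + stripCommentDelimiters("<!<!----") + "]");      // []
    }
}
```

Note that stripping only the delimiter pairs still lets a bare "--" through, which XML 1.0 forbids inside comments; a writer that must guarantee well-formed output would additionally reject or rewrite that sequence.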