The critical security patch adds path traversal validation to `utils.makeFileContent`, which handles file operations. The vulnerability (CWE-22) arises when the user-controlled inputs (`fileName`/`FileDir`) are not properly sanitized before they reach file system operations. The patch changes this function to reject './' patterns, which indicates that it was the vulnerable entry point. The other changes in the commit relate to database handling and UI elements, not file path security.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/flipped-aurora/gin-vue-admin | go | < 2.5.5 | 2.5.5 |
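
The following is an added example, not code from gin-vue-admin or from the patch. It shows a containment check for a directory and file name supplied by the user, which is a different technique from the pattern rejection described above: the joined path is resolved and then required to stay under a base directory. The helper `safeJoin`, the error `ErrTraversal`, the base directory `/srv/autocode` and the sample inputs are all assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when the requested path would leave the base directory.
var ErrTraversal = errors.New("path escapes base directory")

// safeJoin is a hypothetical helper (not gin-vue-admin code). It joins the
// user-supplied fileDir and fileName under base and rejects any result that
// resolves outside base.
func safeJoin(base, fileDir, fileName string) (string, error) {
	// A file name must be a single path element, never a path of its own.
	if fileName == "" || fileName == "." || fileName == ".." ||
		strings.ContainsAny(fileName, `/\`) || filepath.IsAbs(fileDir) {
		return "", ErrTraversal
	}
	absBase, err := filepath.Abs(base)
	if err != nil {
		return "", err
	}
	// Join cleans the result, so "a/../.." is resolved before the check below.
	target := filepath.Join(absBase, fileDir, fileName)
	rel, err := filepath.Rel(absBase, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return target, nil
}

func main() {
	// Constructed sample inputs: {fileDir, fileName}.
	samples := [][2]string{
		{"api/v1", "user.go"},
		{"../../etc", "passwd"},
		{"api/../..", "x.go"},
		{"api", "../x.go"},
	}
	for _, s := range samples {
		p, err := safeJoin("/srv/autocode", s[0], s[1])
		fmt.Printf("dir=%q name=%q -> path=%q err=%v\n", s[0], s[1], p, err)
	}
}
```

The check is lexical only; it does not resolve symbolic links that already exist under the base directory.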