CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/answerdev/answer | go | < 1.0.6 | 1.0.6 |
The vulnerability stems from the lack of captcha invalidation after verification: the pre-patch VerifyCaptcha only performed a GetCaptcha lookup and comparison, with no subsequent DelCaptcha. A captcha solution that had been submitted once therefore kept verifying for as long as the entry lived in the store, leaving the endpoint open to capture-replay attacks; the fix adds an explicit DelCaptcha call after verification so each captcha is single-use. The CWE-294 (Authentication Bypass by Capture-replay) classification and the commit message 'update VerifyCaptcha' confirm this was the attack surface.
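The following Go program is an added illustration of the verify-then-invalidate pattern the advisory describes; it is not code from the answer project. The in-memory CaptchaStore, the session-style ID "sess-42" and the solution "7k3p" are constructed stand-ins for whatever cache the real GetCaptcha/DelCaptcha calls talk to. VerifyCaptchaReplayable reproduces the pre-patch behaviour (lookup and compare, no deletion), while VerifyCaptchaOnce applies the fix; ReplayAccepted shows that the same (id, answer) pair verifies twice under the first and only once under the second.

```go
package main

import (
	"fmt"
	"sync"
)

// CaptchaStore is a hypothetical in-memory stand-in for the cache behind
// the real GetCaptcha/DelCaptcha calls (assumption: entries are keyed by a
// per-session captcha ID and hold the expected solution).
type CaptchaStore struct {
	mu   sync.Mutex
	data map[string]string // captcha ID -> expected solution
}

func NewCaptchaStore() *CaptchaStore {
	return &CaptchaStore{data: make(map[string]string)}
}

// SetCaptcha stores the solution for a freshly issued captcha.
func (s *CaptchaStore) SetCaptcha(id, solution string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.data[id] = solution
}

// GetCaptcha returns the stored solution and whether the ID exists.
func (s *CaptchaStore) GetCaptcha(id string) (string, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	v, ok := s.data[id]
	return v, ok
}

// DelCaptcha removes the entry so the captcha can never be checked again.
func (s *CaptchaStore) DelCaptcha(id string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.data, id)
}

// VerifyCaptchaReplayable mirrors the pre-patch behaviour described in the
// advisory: a lookup and compare with no invalidation, so a correct
// (id, answer) pair keeps verifying while the entry lives in the store.
func VerifyCaptchaReplayable(s *CaptchaStore, id, answer string) bool {
	expected, ok := s.GetCaptcha(id)
	return ok && expected == answer
}

// VerifyCaptchaOnce is the fixed, single-use pattern. The entry is deleted
// on every attempt that finds it (a design choice here: burning the captcha
// on a wrong guess too removes any chance of repeated guessing against one ID).
func VerifyCaptchaOnce(s *CaptchaStore, id, answer string) bool {
	expected, ok := s.GetCaptcha(id)
	if ok {
		s.DelCaptcha(id)
	}
	return ok && expected == answer
}

// ReplayAccepted reports whether the same (id, answer) pair verifies twice
// under the given verifier. A single-use verifier must return false.
func ReplayAccepted(verify func(*CaptchaStore, string, string) bool) bool {
	store := NewCaptchaStore()
	store.SetCaptcha("sess-42", "7k3p") // constructed sample captcha
	first := verify(store, "sess-42", "7k3p")
	second := verify(store, "sess-42", "7k3p")
	return first && second
}

func main() {
	fmt.Println("replayable verifier accepts reuse:", ReplayAccepted(VerifyCaptchaReplayable))
	fmt.Println("single-use verifier accepts reuse:", ReplayAccepted(VerifyCaptchaOnce))
}
```

Deleting the entry inside the verifier rather than in the caller keeps the invalidation next to the check, so no future call site can forget it; the remaining gap in a real deployment is the lookup-delete window under concurrent requests, which a store with an atomic get-and-delete primitive closes.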