CVSS Score

The vulnerability stems from missing thread synchronization in the authentication flow. The patch introduces a mutex lock (AuthLocker) around the internal _login() function, which indicates that the original login() function was vulnerable to race conditions. Without the lock, the pre-patch version allowed concurrent authentication requests to interfere with each other's session management, matching CWE-276 (missing access controls) and CWE-488 (session data exposure). The commit diff explicitly modifies this file/function to add the synchronization, confirming both the location and the nature of the vulnerability.
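The following is an added, constructed illustration of the bug class described above; it is not pgAdmin's code and does not reproduce its internals. It assumes a hypothetical shared field (`pending_user`) that an unsynchronised `_login()` writes in one step and reads back in a later step, and it forces the interleaving two concurrent logins can produce. The `SessionStore`, `Authenticator`, `USERS` and `run_interleaved` names are the example's own; only the `AuthLocker`-style lock around `_login()` mirrors the shape of the patch.

```python
import threading

# Constructed user table for the demo (not real credentials or pgAdmin data).
USERS = {"alice": "pw-alice", "bob": "pw-bob"}


class SessionStore:
    """Process-wide authentication state shared by all requests (constructed stand-in)."""

    def __init__(self):
        # Hypothetical scratch field written early in login and read again later.
        # Any shared mutable state of this kind is what a concurrent login can clobber.
        self.pending_user = None
        self.sessions = {}  # session token -> username the token is bound to


class Authenticator:
    def __init__(self, store, lock=None, pause=None):
        self.store = store
        self.lock = lock    # None models the pre-patch code; a Lock models AuthLocker
        self.pause = pause  # test hook that widens the window between the two steps

    def _login(self, username, password, token):
        if USERS.get(username) != password:
            return None
        # Step 1: record who is authenticating in shared state.
        self.store.pending_user = username
        # Work that happens between the write and the read (hashing, DB lookups, ...).
        if self.pause:
            self.pause(username)
        # Step 2: bind the new session to whoever the shared state names *now*.
        self.store.sessions[token] = self.store.pending_user
        return self.store.sessions[token]

    def login(self, username, password, token):
        if self.lock is None:
            return self._login(username, password, token)
        with self.lock:  # patched shape: the whole critical section runs under one lock
            return self._login(username, password, token)


def run_interleaved(locked):
    """Force the interleaving alice-step1, bob-login, alice-step2 and return the sessions."""
    store = SessionStore()
    alice_paused = threading.Event()
    release_alice = threading.Event()

    def pause(username):
        # Stall alice between her two steps so bob's login can run in the gap.
        if username == "alice":
            alice_paused.set()
            release_alice.wait(timeout=2)

    lock = threading.Lock() if locked else None
    auth = Authenticator(store, lock=lock, pause=pause)
    t_alice = threading.Thread(target=auth.login, args=("alice", "pw-alice", "tok-alice"))
    t_bob = threading.Thread(target=auth.login, args=("bob", "pw-bob", "tok-bob"))

    t_alice.start()
    alice_paused.wait(timeout=2)  # alice has written pending_user and is stalled mid-login
    t_bob.start()
    t_bob.join(timeout=0.5)       # unlocked: bob completes; locked: bob blocks on the lock
    release_alice.set()
    t_alice.join()
    t_bob.join()
    return dict(store.sessions)


if __name__ == "__main__":
    print("pre-patch:", run_interleaved(locked=False))  # tok-alice ends up bound to "bob"
    print("patched:  ", run_interleaved(locked=True))
```

In the unlocked run, alice's token is bound to bob because bob's login overwrote the shared field while alice was between her two steps; that is the cross-session confusion the advisory maps to CWE-488. With the lock, bob cannot enter `_login()` until alice has finished, so each token is bound to the user who presented the credentials. When auditing a fix like this, the check worth making is that every read and write of the shared state sits inside the same critical section, not only the parts the patch happened to touch.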
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| pgadmin4 | pip | < 7.0 | 7.0 |