The commit diff shows the removal of `organization_id` handling from the `UserResource.patch` method. The vulnerable version contained logic that processed updates to the `organization_id` parameter and modified `user.organization_id` without revoking the user's existing permissions. This directly enabled the improper permission preservation described in CVE-2023-22738.
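
A simplified model of the behaviour described above, as an added example that is not vantage6's code: the `User` class, the handler names, the role names and the role-to-organization mapping are all hypothetical. It applies the same PATCH body to a pre-fix and a post-fix handler, then runs an audit check for grants that no longer match the user's organization.

```python
from dataclasses import dataclass, field

# Constructed sample data: role name -> organization that granted it.
ROLE_ORG = {"org1-admin": 1, "org1-researcher": 1, "org2-viewer": 2}


@dataclass
class User:
    """Simplified stand-in for a user record; not vantage6's model."""
    id: int
    organization_id: int
    roles: set = field(default_factory=set)


def patch_vulnerable(user: User, data: dict) -> User:
    """Pre-fix behaviour as described: organization_id is applied, grants kept."""
    if "organization_id" in data:
        user.organization_id = data["organization_id"]  # no revocation here
    if "roles" in data:
        user.roles = set(data["roles"])
    return user


def patch_fixed(user: User, data: dict) -> User:
    """Post-fix behaviour as described: organization_id is no longer handled."""
    if "roles" in data:
        user.roles = set(data["roles"])
    return user


def stale_grants(user: User, role_org: dict = ROLE_ORG) -> set:
    """Audit check: roles granted by an organization the user is not in."""
    return {r for r in user.roles if role_org.get(r) != user.organization_id}


def demo() -> dict:
    """Apply the same PATCH body to both handlers and audit the result."""
    body = {"organization_id": 2}
    results = {}
    for name, handler in (("vulnerable", patch_vulnerable), ("fixed", patch_fixed)):
        user = handler(User(7, 1, {"org1-admin", "org1-researcher"}), body)
        results[name] = (user.organization_id, sorted(stale_grants(user)))
    return results


if __name__ == "__main__":
    for name, (org, stale) in demo().items():
        print(f"{name}: organization_id={org} stale_grants={stale}")
```

The `stale_grants` check is the kind of query worth running against user records on deployments that ran a version below 3.8.0, adapted to the real schema.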
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| vantage6 | pip | < 3.8.0 | 3.8.0 |