-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
PythonPython| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| markdown-it-py | pip | < 2.2.0 | 2.2.0 |
Miggo AIRoot Cause AnalysisThe vulnerability stemmed from improper handling of null assertions in multiple rendering functions. The GitHub patch shows critical replacements of 'assert' statements with conditional checks in these functions. Assertions like 'assert token.children is not None' and 'assert token.attrs contains alt' could be forcibly failed with malicious input, triggering uncaught AssertionErrors and crashing the application. The functions were directly modified in the security fix commit to remove these dangerous assertions.
Ongoing coverage of React2Shell