The vulnerability stems from how XWikiDocument stored objects in a list structure (a TreeMap of Lists), where a high object number created millions of null entries. The critical functions are those that manipulate object indices (createXObject, setXObject, setXObjects), which allowed unbounded list growth. The patch replaced the list with a map-based structure (BaseObjects) to eliminate the null entries, confirming that the original list-handling functions were vulnerable. Confidence is high because the attack vector (insertion at a high index) correlates directly with the patched storage mechanism.
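
The difference between the two storage shapes described above, as an added illustration in Java. This is not XWiki's code: the class names, the method names and the sample object number are assumptions made for the example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

// Added illustration; class and method names are hypothetical, not XWiki's API.
public class SparseObjectStoreDemo {

    // "Before" shape: objects kept in a List, where position == object number.
    static final class ListBackedStore {
        private final List<String> objects = new ArrayList<>();

        void set(int number, String value) {
            // Reaching a high number forces one null placeholder per missing slot.
            while (objects.size() <= number) {
                objects.add(null);
            }
            objects.set(number, value);
        }

        int slots() { return objects.size(); }
    }

    // "After" shape: objects keyed by number in a sorted map, no placeholders.
    static final class MapBackedStore {
        private final Map<Integer, String> objects = new TreeMap<>();

        void set(int number, String value) {
            if (number < 0) {
                throw new IllegalArgumentException("negative object number");
            }
            objects.put(number, value);
        }

        int slots() { return objects.size(); }
    }

    public static void main(String[] args) {
        int number = 5_000_000; // constructed sample value

        ListBackedStore before = new ListBackedStore();
        before.set(number, "obj");
        MapBackedStore after = new MapBackedStore();
        after.set(number, "obj");

        // One stored object in both cases; only the list pays for the gap.
        System.out.println("list-backed slots: " + before.slots());
        System.out.println("map-backed slots:  " + after.slots());
    }
}
```

With the list, memory use follows the largest object number supplied by the caller; with the map, it follows the number of objects actually stored.
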
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.xwiki.platform:xwiki-platform-oldcore | maven | < 14.0-rc-1 | 14.0-rc-1 |