| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.openmeetings:openmeetings-db | maven | >= 2.0.0, < 7.1.0 | 7.1.0 |

The vulnerability stems from an incorrect comparison (CWE-697) in hash validation. The patch introduced an exact hash comparison (`i.getHash().equals(hash)`) after querying, indicating that the previous implementation lacked a strict equality check. The pre-patch version of the `getByHash` method used a wildcard-based query that could return unintended matches, and it checked only `list.size() == 1` without verifying full hash equality, enabling unauthorized access through hash truncation/partial matches.
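
A small model of the comparison flaw described above, added here as an illustration and not taken from the OpenMeetings code base. The `Item` record, the in-memory `STORE`, `queryLike`, and the `getByHashLoose`/`getByHashStrict` names are assumptions, and the LIKE-style matcher stands in for the wildcard-based query.

```java
import java.util.List;
import java.util.Optional;
import java.util.regex.Pattern;

public class HashLookupDemo {
    // Hypothetical record standing in for the entity that carries the hash.
    record Item(long id, String hash) {
        String getHash() { return hash; }
    }

    // Constructed sample data.
    static final List<Item> STORE = List.of(
        new Item(1, "3f9a1c7e-constructed-hash-a"),
        new Item(2, "b27d40e1-constructed-hash-b"));

    // Stand-in for a SQL LIKE predicate: '%' matches any run, '_' one character.
    static List<Item> queryLike(String pattern) {
        StringBuilder re = new StringBuilder();
        for (char c : pattern.toCharArray()) {
            if (c == '%') re.append(".*");
            else if (c == '_') re.append('.');
            else re.append(Pattern.quote(String.valueOf(c)));
        }
        Pattern p = Pattern.compile(re.toString(), Pattern.DOTALL);
        return STORE.stream().filter(i -> p.matcher(i.getHash()).matches()).toList();
    }

    // Before: a single result is accepted without comparing the full hash.
    static Optional<Item> getByHashLoose(String hash) {
        List<Item> list = queryLike(hash);
        return list.size() == 1 ? Optional.of(list.get(0)) : Optional.empty();
    }

    // After: the returned row must carry exactly the supplied hash.
    static Optional<Item> getByHashStrict(String hash) {
        return queryLike(hash).stream()
            .filter(i -> i.getHash().equals(hash))
            .findFirst();
    }

    public static void main(String[] args) {
        String full = "3f9a1c7e-constructed-hash-a";
        String partial = "3f9a%"; // constructed value that is not a complete hash
        System.out.println("loose,  full:    " + getByHashLoose(full).isPresent());
        System.out.println("loose,  partial: " + getByHashLoose(partial).isPresent());
        System.out.println("strict, full:    " + getByHashStrict(full).isPresent());
        System.out.println("strict, partial: " + getByHashStrict(partial).isPresent());
    }
}
```

Only the loose lookup resolves the partial value to a record; the strict lookup rejects it because the stored hash is not equal to the supplied string.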