Basic Information

CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| decidim | rubygems | >= 0.27.0, < 0.27.3 | 0.27.3 |
| decidim-meetings | rubygems | >= 0.27.0, < 0.27.3 | 0.27.3 |
The vulnerability stems from Ransack's default permissive filtering behaviour. The primary entry point is the meetings controller's index action, where Ransack parameters are accepted without validation. The model layer's lack of attribute restrictions would compound this issue. While the exact patched code isn't shown, these are standard Ransack security patterns: the controller entry point (high confidence) and the model configuration (medium confidence) align with the described attack vector, namely unauthenticated filtering of meetings to access user table data.
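As an added illustration of the pattern described above (not Decidim's or Ransack's own code), the following Ruby sketch models Ransack's permissive default beside an allowlist of the kind its `ransackable_attributes` and `ransackable_associations` class methods provide; the attribute names, association names and sample parameters are constructed for the example.

```ruby
# Added example, not code from Decidim or Ransack. It models, without the gem,
# how query keys of the Ransack form "<attribute>_<predicate>" or
# "<association>_<attribute>_<predicate>" are treated with and without an allowlist.

PREDICATES = %w[eq not_eq cont not_cont start end gt gteq lt lteq in null present].freeze

# Hypothetical allowlists, mirroring what a hardened Meeting model would declare.
MEETING_ATTRIBUTES   = %w[title description start_time end_time].freeze
MEETING_ASSOCIATIONS = %w[component].freeze
ASSOCIATION_ATTRIBUTES = { "component" => %w[name] }.freeze

# Constructed request parameters (the "q" hash Ransack receives). The third key
# walks from the meeting into an associated user record.
SAMPLE_PARAMS = {
  "title_cont"            => "assembly",
  "component_name_eq"     => "Meetings",
  "author_nickname_start" => "a",
  "not_a_filter"          => "ignored"
}.freeze

# Split "title_not_eq" into ["title", "not_eq"]; nil when no known predicate matches.
def split_key(key)
  pred = PREDICATES.select { |p| key.end_with?("_#{p}") }.max_by(&:length)
  return nil unless pred
  [key[0...-(pred.length + 1)], pred]
end

# Permissive behaviour (no allowlist declared): every key that parses as a
# Ransack condition is accepted, including ones reaching into associated tables.
def permissive_filter(params)
  params.keys.select { |k| split_key(k) }
end

# Hardened behaviour: a key passes only if its path is an allowlisted attribute of
# the base model, or an allowlisted attribute of an allowlisted association.
def allowlisted_filter(params, attrs:, assocs:, assoc_attrs:)
  params.keys.select do |k|
    path, _pred = split_key(k)
    next false unless path
    next true if attrs.include?(path)
    assocs.any? do |a|
      path.start_with?("#{a}_") &&
        assoc_attrs.fetch(a, []).include?(path.delete_prefix("#{a}_"))
    end
  end
end
```

With the sample parameters, `permissive_filter` accepts all three conditions while `allowlisted_filter` keeps only the two that stay within the meeting and its component.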