The vulnerability stemmed from improper output encoding in the web console's HTML rendering. The patch introduced the OWASP Encoder to replace a flawed custom escaping method. The key XSS vectors were:

1. The original `WebConsoleHelper.escapeHtml` only did basic character replacement and did not cover all output contexts (HTML text content versus attribute values).
2. Multiple locations in `HealthCheckWebconsolePlugin` wrote unescaped user-controlled data (tags, service metadata, error messages) directly into HTML responses.

The commit diff adds context-aware encoding (`escapeHtmlContent` / `escapeHtmlAttr`) precisely in these areas, confirming that they were the vulnerable sinks.
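To show why a single basic escaper is not enough, here is an added example (not code from the Felix plugin or the OWASP Encoder): a minimal escaper that only replaces `&`, `<` and `>`, beside content- and attribute-context encoders, rendered into a constructed health-check tag. The class name, the `naiveEscapeHtml` reconstruction and the sample tag value are assumptions made for this illustration.

```java
import java.util.function.Function;

public final class EncodingContextDemo {

    // Assumed reconstruction of a "basic character replacement" escaper:
    // it never touches quotes, so it cannot protect a quoted attribute value.
    static String naiveEscapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
    }

    // HTML text content: encode the five characters that change meaning between tags.
    static String escapeHtmlContent(String s) {
        return naiveEscapeHtml(s).replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Quoted attribute value: encode everything except [A-Za-z0-9] as a numeric
    // entity, so neither quote style nor whitespace can terminate the attribute.
    static String escapeHtmlAttr(String s) {
        StringBuilder out = new StringBuilder(s.length() * 2);
        s.codePoints().forEach(cp -> {
            boolean alnum = (cp >= '0' && cp <= '9') || (cp >= 'A' && cp <= 'Z') || (cp >= 'a' && cp <= 'z');
            if (alnum) {
                out.appendCodePoint(cp);
            } else {
                out.append("&#x").append(Integer.toHexString(cp)).append(';');
            }
        });
        return out.toString();
    }

    // Renders a tag the way a console page might: once in an attribute, once as text.
    static String renderTag(String tag, Function<String, String> attrEnc, Function<String, String> textEnc) {
        return "<span title=\"" + attrEnc.apply(tag) + "\">" + textEnc.apply(tag) + "</span>";
    }

    // Defender's check: the title attribute value must contain no raw double quote,
    // otherwise the user-controlled data has escaped the attribute context.
    static boolean attributeIntact(String html) {
        int start = html.indexOf("title=\"") + "title=\"".length();
        int end = html.indexOf("\">", start);
        return end > 0 && html.substring(start, end).indexOf('"') < 0;
    }

    public static void main(String[] args) {
        String tag = "he said \"hi\""; // constructed sample tag value containing quotes
        String naive = renderTag(tag, EncodingContextDemo::naiveEscapeHtml, EncodingContextDemo::naiveEscapeHtml);
        String safe = renderTag(tag, EncodingContextDemo::escapeHtmlAttr, EncodingContextDemo::escapeHtmlContent);
        System.out.println(naive + "  attributeIntact=" + attributeIntact(naive));
        System.out.println(safe + "  attributeIntact=" + attributeIntact(safe));
    }
}
```

Running it shows the naive rendering failing the attribute check while the context-aware rendering passes it; the same check is a cheap assertion to keep in the plugin's tests.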
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.felix:org.apache.felix.healthcheck.webconsoleplugin | maven | < 2.1.0 | 2.1.0 |