The vulnerability stems from insufficient file validation in asset uploads. The pre-patch code in modules/Assets/bootstrap.php blocked uploads only by file extension (such as .php or .html) and did not validate MIME types, so a file with an allowed extension but a dangerous content type (for example, text/html) could be uploaded. The stored files could then be served with an executable MIME type, enabling cross-site scripting (XSS). The patch added MIME validation (finfo_file checks) alongside the extension checks, confirming this as the source of the vulnerability.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| cockpit-hq/cockpit | composer | < 2.6.3 | 2.6.3 |
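As an added example (not Cockpit's own code), the PHP below contrasts an extension-only upload check with one that also validates the MIME type detected from the file's content via finfo_file(), the approach the patch described above takes; the function names and the block lists are hypothetical, and the sample upload is constructed inline.

```php
<?php
// Added example, not code from the Cockpit project. Block lists are illustrative.
const BLOCKED_EXTENSIONS = ['php', 'phtml', 'phar', 'html', 'htm', 'svg', 'js'];
const BLOCKED_MIME_TYPES = ['text/html', 'application/xhtml+xml', 'image/svg+xml',
                            'application/x-httpd-php', 'text/javascript'];

// Pre-patch style: only the file name is consulted. A file named "notes.txt"
// whose body is an HTML document passes this check unchanged.
function isAllowedByExtension(string $filename): bool {
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, BLOCKED_EXTENSIONS, true);
}

// Post-patch style: the extension check plus content sniffing of the uploaded
// file on disk ($tmpPath would be $_FILES['file']['tmp_name'] in a real handler).
function isAllowedUpload(string $filename, string $tmpPath): bool {
    if (!isAllowedByExtension($filename)) {
        return false;
    }
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime  = finfo_file($finfo, $tmpPath);
    finfo_close($finfo);
    // Reject when the type cannot be determined or is one a browser would render.
    if ($mime === false || in_array($mime, BLOCKED_MIME_TYPES, true)) {
        return false;
    }
    return true;
}

// Constructed sample: an HTML document saved under an innocuous extension.
$tmp = tempnam(sys_get_temp_dir(), 'upload');
file_put_contents($tmp, "<!DOCTYPE html><html><body><script>document.title='x';</script></body></html>");

printf("extension-only check accepts notes.txt: %s\n",
       isAllowedByExtension('notes.txt') ? 'yes' : 'no');
printf("extension + MIME check accepts notes.txt: %s\n",
       isAllowedUpload('notes.txt', $tmp) ? 'yes' : 'no');
unlink($tmp);
```

The MIME check complements, rather than replaces, the extension check: each filter catches cases the other misses, and how the stored file is later served (Content-Type and Content-Disposition headers) still matters independently.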