CVSS Score
-
Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| bentoml | pip | | |

The vulnerability pattern matches unvalidated redirects in web handlers. BentoML's web server would need endpoints that (1) accept URL parameters and (2) perform redirects without validation. The first function is rated high confidence based on common open-redirect patterns in web frameworks (e.g., Flask's redirect()). The second is rated medium confidence given OAuth's typical use of redirect URIs, though it requires more assumptions about BentoML's implementation.