-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIA Semantic Attack on Google Gemini - Read the Latest Research
A Semantic Attack on Google Gemini - Read the Latest Research
Miggo AI
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| moodle/moodle | composer | >= 4.4.0, < 4.4.2 | 4.4.2 |
| moodle/moodle | composer | >= 4.3.0, < 4.3.6 | 4.3.6 |
| moodle/moodle | composer | >= 4.2.0, < 4.2.9 | 4.2.9 |
| moodle/moodle | composer | < 4.1.12 | 4.1.12 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from Moodle's cURL wrapper handling of redirects. The commit MDL-82136 explicitly addresses CURLOPT_UNRESTRICTED_AUTH configuration, which controls credential forwarding. The setup function in lib/curl/curl.php would be responsible for configuring these cURL options. In vulnerable versions, this function likely allowed credentials to persist across redirects by not properly managing the CURLOPT_UNRESTRICTED_AUTH flag and header stripping logic during emulated redirect scenarios.