CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| openc3 | rubygems | < 5.19.0 | 5.19.0 |
| openc3 | pip | < 5.19.0 | 5.19.0 |
The vulnerability stems from missing input validation in the show action of ScreensController, which passed the user-controlled parameters scope, target and screen straight to Screen.find. Those parameters were then used to build filesystem paths in LocalMode.open_local_file without any validation, so a request that controls them also controls which file is opened. The fix introduces a sanitize_params method that validates and sanitizes the three parameters before they are used. Confidence that ScreensController#show and Screen.find are the affected locations is high, because the diff directly shows the sanitization being added there; the involvement of LocalMode.open_local_file is inferred from the advisory description rather than from visible code, hence medium confidence.
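The following Ruby example is added here to illustrate the two stages described above; it is not code from the OpenC3 repository or from the patch. It models a path built from scope, target and screen the way an unvalidated local-mode lookup would, beside a hypothetical sanitize_params that rejects anything other than a bare identifier, plus a root-containment check as defense in depth. The root directory, the file layout, and the function names unsafe_screen_path, safe_screen_path, sanitize_params and escapes_root? are all assumptions for the demonstration.

```ruby
# Illustrative example, not OpenC3 source. Models a screen lookup that joins
# request parameters into a filesystem path, and the kind of parameter
# sanitization the fix adds before the path is built.

# Assumed local-mode root; the real layout is not shown on the page.
LOCAL_ROOT = '/tmp/openc3_example/cosmos/plugins'.freeze

class InvalidScreenParam < StandardError; end

# Before: parameters go into the path untouched. A value such as
# "../../../../etc" in target walks out of LOCAL_ROOT.
def unsafe_screen_path(scope, target, screen)
  File.join(LOCAL_ROOT, scope, 'targets', target, 'screens', "#{screen.downcase}.txt")
end

# Hypothetical equivalent of the sanitize_params check: only allow bare
# identifiers, so separators, "..", whitespace and NUL bytes are all rejected.
# \A and \z anchor the whole string; ^ and $ would only anchor one line and
# could be bypassed with an embedded newline.
IDENT = /\A[A-Za-z0-9_\-]+\z/

def sanitize_params(*params)
  params.each do |p|
    unless p.is_a?(String) && p.match?(IDENT)
      raise InvalidScreenParam, "invalid screen parameter: #{p.inspect}"
    end
  end
  params
end

# True when the fully expanded path does not sit strictly below LOCAL_ROOT.
def escapes_root?(path)
  root = File.expand_path(LOCAL_ROOT) + '/'
  !File.expand_path(path).start_with?(root)
end

# After: validate first, then build the path, then re-check containment so a
# later change to the allow-list cannot silently reopen the traversal.
def safe_screen_path(scope, target, screen)
  sanitize_params(scope, target, screen)
  path = unsafe_screen_path(scope, target, screen)
  raise InvalidScreenParam, 'resolved path escapes LOCAL_ROOT' if escapes_root?(path)
  File.expand_path(path)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: one benign request and one traversal attempt.
  puts unsafe_screen_path('DEFAULT', 'INST', 'HS')
  puts unsafe_screen_path('DEFAULT', '../../../../etc', 'passwd')
  puts escapes_root?(unsafe_screen_path('DEFAULT', '../../../../etc', 'passwd'))
  begin
    safe_screen_path('DEFAULT', '../../../../etc', 'passwd')
  rescue InvalidScreenParam => e
    puts "rejected: #{e.message}"
  end
end
```

The allow-list is the real fix; the containment check exists only to catch a future regression in the allow-list. Note that Rails has already URL-decoded the parameters by the time they reach the controller, so encoded forms such as %2e%2e arrive as literal "..", which is why the check runs on the decoded string and not on the raw query.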