| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| code.gitea.io/gitea | go | < 1.22.1 | 1.22.1 |

The vulnerability stemmed from improper handling of sanitizer initialization. Key evidence includes:

1. The commit removes `NewSanitizer` calls and introduces `ResetDefaultSanitizerForTesting`.
2. Tests were modified to reset sanitizer state.
3. The patch splits policy creation into dedicated files.
4. The CVE description indicates improper input neutralization during HTML generation.

The singleton pattern with `sync.Once` prevented proper policy updates when URL scheme configurations changed, allowing stored XSS payloads through unsanitized URI schemes.
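
The `sync.Once` failure mode described above, as an added Go example that is not Gitea's code: a policy built once keeps the scheme list it saw at first use, while a policy rebuilt on each configuration change does not. All names here (`allowedSchemes`, `frozenPolicy`, `reloadPolicy`, `livePolicy`) and the `legacy` scheme are hypothetical, and the configuration change is constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
	"sync"
	"sync/atomic"
)

// allowedSchemes stands in for an operator-configurable scheme list (hypothetical).
var allowedSchemes = []string{"http", "https", "legacy"}

type policy struct{ schemes map[string]bool }

func buildPolicy() *policy { // snapshots the configuration at call time
	p := &policy{schemes: map[string]bool{}}
	for _, s := range allowedSchemes {
		p.schemes[strings.ToLower(s)] = true
	}
	return p
}

// allows reports whether an absolute link uses a scheme in the snapshot.
func (p *policy) allows(link string) bool {
	u, err := url.Parse(link)
	return err == nil && p.schemes[strings.ToLower(u.Scheme)]
}

var (
	once    sync.Once
	cached  *policy
	current atomic.Pointer[policy]
)

// frozenPolicy builds on first use only, so later config changes are never seen.
func frozenPolicy() *policy {
	once.Do(func() { cached = buildPolicy() })
	return cached
}

// reloadPolicy rebuilds from current config; call it whenever the config changes.
func reloadPolicy() { current.Store(buildPolicy()) }
func livePolicy() *policy { return current.Load() }

func main() {
	frozenPolicy()                             // first use freezes the 3-scheme list
	allowedSchemes = []string{"http", "https"} // constructed config change
	reloadPolicy()
	fmt.Println(frozenPolicy().allows("legacy://x"), livePolicy().allows("legacy://x"))
}
```

A test helper that resets the singleton serves the same purpose in tests as `reloadPolicy` does here: it makes the policy reflect the configuration in force at the time of the check.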