GHSA-9f2c-xxfm-32mj: Duplicate of GHSA-4xh4-v2pq-jvhm

CVSS Score: N/A

Basic Information

CVE ID: -
EPSS Score: -
CWE: -
Published: 1/11/2023
Updated: 1/27/2023
KEV Status: No
Technology: Dart

Technical Details

CVSS Vector: -

Package Name: personnummer
Ecosystem: pub
Vulnerable Versions: < 3.0.3
First Patched Version: 3.0.3

Vulnerability Intelligence
Root Cause Analysis

The vulnerability centers around improper input validation of Swedish personal identity numbers. While no direct patch diffs are provided, multiple advisories explicitly state the root cause was a regex that allowed invalid last-four-digit patterns (^000[0-9]$). The primary validation function Personnummer.validate would be responsible for executing this regex check. In Dart implementations, this would typically be a static validation method in the Personnummer class. The function signature matches the entry point for number validation and would appear in stack traces when processing malicious inputs.

## Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of [GHSA-4xh4-v2pq-jvhm](https://github.com/advisories/GHSA-4xh4-v2pq-jvhm). This link is maintained to preserve external references.

## Original Description

The pers
