-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
JavaJavaMiggo AIRoot Cause AnalysisThe commit diff shows the vulnerability was fixed by adding HTML escaping to the 'relayState' parameter when constructing the redirection script. The original code directly embedded user-controlled relayState into JavaScript (window.location.href) without sanitization, creating an XSS vector. The added test case in SamlAuthSsoHandlerTest.java explicitly verifies proper HTML escaping of special characters in relayState, confirming this was the attack surface.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| com.linecorp.centraldogma:centraldogma-server | maven | < 0.64.0 | 0.64.0 |
Ongoing coverage of React2Shell