The commit diff and vulnerability descriptions reveal four pattern-specific fixes:

1. Added `EnsureNonNativeArray` conversions in array operations.
2. Post-creation array type validation.
3. Call flag verification in `eval`.
4. Length revalidation after species creation.

These correspond directly to CWE-119 memory corruption scenarios: type confusion and heap overflow in the array manipulation primitives. The test cases demonstrate exploitation through `[Symbol.species]` manipulation and prototype pollution.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.ChakraCore | nuget | < 1.2.2 | 1.2.2 |