CVSS Score

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.ChakraCore | nuget | < 1.4.4 | 1.4.4 |
The vulnerability stemmed from improper validation of 'then' and 'catch' handlers in promise resolution. The patch added checks (JavascriptConversion::IsCallable) to ensure these handlers are functions before invocation. The original code in AsyncSpawnStep and CreatePromiseAsyncSpawnStepArgumentExecutorFunction lacked these checks, allowing attackers to substitute handlers with arbitrary values (e.g., via prototype pollution), leading to memory corruption and RCE. The test case (bug11026788.js) demonstrates this by overriding 'then' with an integer, which would crash without the validation.
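As an added illustration (not ChakraCore's code and not the bug11026788.js test case), the block below is a minimal JavaScript model of the promise resolution step with the callability guard the patch describes: a `then` that has been replaced by an integer is never invoked and the object is treated as a plain value. The names `isCallable`, `resolvePromise` and `demo` are assumptions for this example.

```javascript
// Plays the role of JavascriptConversion::IsCallable: only functions may be invoked.
function isCallable(value) {
  return typeof value === "function";
}

// Models the ECMAScript promise "resolve" step and returns {state, value}.
// Non-objects fulfill directly; objects have their 'then' read, and only a
// callable 'then' is invoked. The spec runs the call in a job and re-resolves
// the value passed to resolve(); here both are done synchronously and the
// resolved value is taken as final so the outcome can be inspected.
function resolvePromise(resolution) {
  const isObject =
    resolution !== null &&
    (typeof resolution === "object" || typeof resolution === "function");
  if (!isObject) {
    return { state: "fulfilled", value: resolution };
  }
  let then;
  try {
    then = resolution.then; // a getter here may throw, which rejects
  } catch (err) {
    return { state: "rejected", value: err };
  }
  if (!isCallable(then)) {
    // This is the missing check: an integer 'then' must not be called.
    return { state: "fulfilled", value: resolution };
  }
  let result = { state: "pending", value: undefined };
  const resolve = (v) => { if (result.state === "pending") result = { state: "fulfilled", value: v }; };
  const reject = (e) => { if (result.state === "pending") result = { state: "rejected", value: e }; };
  try {
    then.call(resolution, resolve, reject);
  } catch (err) {
    reject(err); // a throwing 'then' rejects unless it already settled the promise
  }
  return result;
}

// Constructed inputs: 'then' overridden with an integer (as in the test case),
// a well-behaved thenable, a throwing thenable, and a primitive.
function demo() {
  return {
    integerThen: resolvePromise({ then: 42 }),
    callableThen: resolvePromise({ then(onOk) { onOk("from then"); } }),
    throwingThen: resolvePromise({ then() { throw new Error("boom"); } }),
    primitive: resolvePromise(7),
  };
}
```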