-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.ChakraCore | nuget | < 1.8.2 | 1.8.2 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from the missing TrackAssignment call for knopAsg nodes in GetRightSideNodeFromPattern. The GitHub patch explicitly adds this handling (TrackAssignment<true>(pnode->sxBin.pnode1, nullptr)) for assignment operations in object destructuring patterns. This omission in the original code would leave memory references improperly tracked, creating conditions for memory corruption (CWE-787) and information leakage. The direct correlation between the patch and the CWE classification confirms this function's role in the vulnerability.