| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| nodebatis | npm | < 2.2.0 | 2.2.0 |
The vulnerability stems from improper escaping of SQL identifiers in the SQL generation functions. The patch adds `sqlstring.escapeId()` calls around table and column names in these functions. Pre-patch versions interpolated user input directly into SQL identifiers without sanitization, enabling SQL injection if an attacker controls table names, column names, or WHERE clause identifiers. The commit message explicitly references fixing SQL injection in sqlBuilder, and the CWE-89 classification confirms the SQL injection pattern.
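The difference between the pre-patch and patched patterns, as an added example that is not nodebatis's own code: `buildUpdateUnsafe` and `buildUpdateSafe` are hypothetical builders, and `quoteId` is a local stand-in that mirrors the backtick quoting of `sqlstring.escapeId()` so the snippet runs without dependencies.

```javascript
// Stand-in for sqlstring.escapeId() (assumption: same quoting rules):
// wrap in backticks, double embedded backticks, split qualified names on ".".
function quoteId(name) {
  return '`' + String(name).replace(/`/g, '``').replace(/\./g, '`.`') + '`';
}

// Pre-patch pattern (hypothetical builder): identifiers are concatenated as-is.
// Values use "?" placeholders, yet the statement text still follows the names.
function buildUpdateUnsafe(table, data, idKey) {
  const sets = Object.keys(data).map((col) => col + ' = ?').join(', ');
  return 'UPDATE ' + table + ' SET ' + sets + ' WHERE ' + idKey + ' = ?';
}

// Patched pattern: every table, column and WHERE identifier is quoted first.
function buildUpdateSafe(table, data, idKey) {
  const sets = Object.keys(data).map((col) => quoteId(col) + ' = ?').join(', ');
  return 'UPDATE ' + quoteId(table) + ' SET ' + sets +
         ' WHERE ' + quoteId(idKey) + ' = ?';
}

// Constructed input: an object whose key came from the client, not the schema.
const constructedBody = { 'is_admin = 1, nickname': 'x' };

// Unsafe: the key is parsed as SQL, adding an assignment the caller never wrote.
console.log(buildUpdateUnsafe('users', constructedBody, 'id'));
// Safe: the whole key is one quoted identifier, so the database rejects it
// as an unknown column instead of executing it.
console.log(buildUpdateSafe('users', constructedBody, 'id'));
// An embedded backtick cannot close the quoting because it is doubled.
console.log(quoteId('x` = 1, `y'));
```

Placeholders protect values only; identifier quoting is a separate step, and checking names against the known schema before building the statement rejects unexpected keys earlier.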