| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| is-url | npm | < 1.2.3 | 1.2.3 |

The vulnerability stemmed from the original regex implementation in the `isUrl` function. The commit diff shows the regex was split into protocol validation (`protocolAndDomainRE`) and separate domain validation patterns (`localhostDomainRE`/`nonLocalhostDomainRE`) to prevent catastrophic backtracking. The pre-patch test file also adds a ReDoS exploit test case demonstrating the vulnerability in the original implementation. The function's direct use of the vulnerable regex pattern and the explicit security fix in the commit confirm this as the entry point.
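
The two-stage structure described above, sketched as an added example (not the is-url project's code): the variable names follow the analysis, but the regex bodies are illustrative assumptions, and `worstCaseMs` is a hypothetical regression helper that times validation of long constructed inputs.

```javascript
// Added example. Pattern bodies are assumptions written for illustration,
// not copied from the is-url package.

// Stage 1: optional scheme, "//", then capture everything after it.
// Anchored at both ends with one unbounded quantifier, so matching is linear.
const protocolAndDomainRE = /^(?:\w+:)?\/\/(\S+)$/;

// Stage 2a: "localhost", optional port, optional path/query/fragment.
const localhostDomainRE = /^localhost(?::\d+)?(?:[\/?#]\S*)?$/;

// Stage 2b: a label with no dots, one dot, then at least two more characters.
// The first class excludes ".", so it cannot overlap with the literal dot.
const nonLocalhostDomainRE = /^[^\s.]+\.\S{2,}$/;

function isUrl(value) {
  if (typeof value !== 'string') return false;
  const match = protocolAndDomainRE.exec(value);
  if (!match) return false;
  const rest = match[1]; // host, port, path: validated separately
  return localhostDomainRE.test(rest) || nonLocalhostDomainRE.test(rest);
}

// Regression guard (hypothetical helper): worst time in ms to reject long
// constructed inputs. One input fails stage 1, the other fails stage 2.
function worstCaseMs(lengths) {
  let worst = 0;
  for (const n of lengths) {
    const body = 'a'.repeat(n);
    for (const input of ['//' + body + ' ', '//' + body]) {
      const start = process.hrtime.bigint();
      const accepted = isUrl(input);
      const ms = Number(process.hrtime.bigint() - start) / 1e6;
      if (accepted) throw new Error('constructed input should be rejected');
      if (ms > worst) worst = ms;
    }
  }
  return worst;
}
```

A timing assertion like this belongs in the test suite next to the functional cases, so a later regex change that reintroduces super-linear behaviour fails CI.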