| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.ChakraCore | nuget | < 1.10.1 | 1.10.1 |
The vulnerability stems from improper handling of ImplicitCallFlags during Intl object initialization. Before the fix, the code cleared ImplicitCallFlags, invoked JavascriptFunction::CallRootFunctionInScript to run the Intl initialization script, and then restored the previously saved flags. Because the restore discarded any flag set while the script ran, the JIT's side-effect check never learned that an implicit call had occurred, and JIT-compiled code could keep acting on assumptions that the script had already invalidated. The patch replaces that save/clear/restore sequence with ExecuteImplicitCall, which records the implicit call so the JIT can bail out when its assumptions no longer hold. The vulnerable path therefore let an attacker bypass the ImplicitCallFlags check and trigger memory corruption through a crafted Intl initialization sequence. The affected file and function are confirmed by the commit diff and the CVE analysis.
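As an added illustration (not ChakraCore's code, and not taken from the commit), the toy C++ model below puts the save/clear/restore mistake beside the fixed pattern. ThreadContext, BackingStore, JsArray, jitFastPath and the flag names are hypothetical names chosen for the example; the "freed" marker on the backing store stands in for allocator reuse so that a stale access is observable without undefined behaviour. The speculative fast path caches the array's backing store, calls out to script, and then consults the flags to decide whether to bail out. With the vulnerable wrapper the flag set by the call-out is thrown away, so the fast path reads the freed store; with the fixed wrapper the flag survives and the fast path bails out.

```cpp
// Toy model of an implicit-call-flag check (hypothetical, not ChakraCore's code).
#include <cstdint>
#include <functional>
#include <memory>
#include <vector>

enum ImplicitCallFlags : uint32_t {
    ImplicitCall_None     = 0,
    ImplicitCall_External = 1u << 0,   // set when script ran via a call-out
};

struct ThreadContext {
    uint32_t implicitCallFlags = ImplicitCall_None;
};

// Backing store of a JS array; "freed" models the old buffer being released.
struct BackingStore {
    std::vector<int32_t> data;
    bool freed = false;
};

struct JsArray {
    std::shared_ptr<BackingStore> store;
};

// Arena keeps released stores alive (marked freed) so stale reads are detectable.
static std::vector<std::shared_ptr<BackingStore>> g_arena;

static JsArray makeArray(std::vector<int32_t> init) {
    auto s = std::make_shared<BackingStore>();
    s->data = std::move(init);
    g_arena.push_back(s);
    return JsArray{s};
}

// Script-level side effect (e.g. a user-defined valueOf) that replaces the store.
static void reallocateStore(JsArray& arr) {
    arr.store->freed = true;                       // old store released
    auto fresh = std::make_shared<BackingStore>(); // new, empty store
    g_arena.push_back(fresh);
    arr.store = fresh;
}

using ScriptCallback = std::function<void(JsArray&)>;
using CallOut = std::function<void(ThreadContext&, JsArray&, const ScriptCallback&)>;

// Vulnerable wrapper: clear, run script, restore the saved flags.
// Any flag the call-out set is overwritten by the restore.
static void callRootFunction_vulnerable(ThreadContext& ctx, JsArray& arr,
                                        const ScriptCallback& cb) {
    uint32_t saved = ctx.implicitCallFlags;
    ctx.implicitCallFlags = ImplicitCall_None;
    cb(arr);
    ctx.implicitCallFlags = saved;                 // evidence of the call is lost
}

// Fixed wrapper: run script and record that an implicit call happened.
static void executeImplicitCall_fixed(ThreadContext& ctx, JsArray& arr,
                                      const ScriptCallback& cb) {
    cb(arr);
    ctx.implicitCallFlags |= ImplicitCall_External;
}

struct FastPathResult {
    bool bailedOut;     // flags showed a side effect, fell back to the interpreter
    bool staleAccess;   // fast path touched a freed store (UAF/OOB in a real engine)
    int32_t value;
};

// Speculative fast path: cache the store, call out, then check the flags.
static FastPathResult jitFastPath(ThreadContext& ctx, JsArray& arr,
                                  const ScriptCallback& cb, const CallOut& callOut) {
    BackingStore* cached = arr.store.get();        // speculation: store is unchanged
    ctx.implicitCallFlags = ImplicitCall_None;     // JIT clears before the call-out
    callOut(ctx, arr, cb);
    if (ctx.implicitCallFlags != ImplicitCall_None) {
        return {true, false, 0};                   // bail out, re-read real state
    }
    if (cached->freed || cached->data.empty()) {
        return {false, true, 0};                   // flags lied: stale store used
    }
    return {false, false, cached->data[0]};
}

static FastPathResult runVulnerable() {
    ThreadContext ctx;
    JsArray arr = makeArray({42});
    return jitFastPath(ctx, arr, reallocateStore, callRootFunction_vulnerable);
}

static FastPathResult runFixed() {
    ThreadContext ctx;
    JsArray arr = makeArray({42});
    return jitFastPath(ctx, arr, reallocateStore, executeImplicitCall_fixed);
}
```

The point of the model is the ordering: the flag check is only meaningful if the call-out wrapper lets the flag propagate to the code that did the speculation. Restoring a snapshot taken before the script ran silently converts a bail-out into a use of a released buffer.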