| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.ChakraCore | nuget | < 1.11.1 | 1.11.1 |
The vulnerability stems from missing array index masking in asm.js/WASM array operations. The patch introduces `InsertMaskableMove` to add poisoning guards. The original vulnerable functions (`LowerLdArrViewElem`, `LowerLdArrViewElemWasm`, `LowerStArrViewElem`) called `InsertMove` directly, without these guards, enabling out-of-bounds writes (CWE-787). The commit diff shows that these functions were modified to use the new guarded method, confirming they were the attack surface.
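
A generic illustration of array index masking, the kind of guard the paragraph describes as missing. This is an added example, not ChakraCore's code or the patch's `InsertMaskableMove`; `array_view`, `index_mask`, `view_store` and `view_load` are hypothetical names, and the view length is assumed to be at most `SIZE_MAX / 2`.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical typed-array view standing in for an asm.js/WASM heap view. */
typedef struct {
    uint32_t *data;
    size_t length; /* element count; assumed <= SIZE_MAX / 2 */
} array_view;

/* Branch-free mask: all ones when idx < len, zero otherwise.
 * The top bit of (idx | (len - 1 - idx)) is set exactly when idx >= len. */
static size_t index_mask(size_t idx, size_t len)
{
    size_t oob = (idx | (len - 1 - idx)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return oob - 1; /* 0 - 1 = all ones (in bounds), 1 - 1 = 0 (out of bounds) */
}

/* Guarded store: the bounds check decides the result, and the mask pins the
 * index used for the address to 0 on any path where the check did not hold. */
static int view_store(array_view *v, size_t idx, uint32_t val)
{
    if (idx >= v->length)
        return -1;
    idx &= index_mask(idx, v->length);
    v->data[idx] = val;
    return 0;
}

/* Guarded load with the same masking applied before the access. */
static int view_load(const array_view *v, size_t idx, uint32_t *out)
{
    if (idx >= v->length)
        return -1;
    idx &= index_mask(idx, v->length);
    *out = v->data[idx];
    return 0;
}

int main(void)
{
    uint32_t heap[4] = {0}; /* constructed sample data */
    array_view v = { heap, 4 };
    uint32_t got = 0;
    int in_rc = view_store(&v, 2, 0xAAu), oob_rc = view_store(&v, 4, 0xBBu);
    int ld_rc = view_load(&v, 2, &got);
    printf("in=%d oob=%d load=%d val=0x%X\n", in_rc, oob_rc, ld_rc, (unsigned)got);
    return 0;
}
```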