| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.ChakraCore | nuget | < 1.11.5 | 1.11.5 |
The vulnerability stems from the original implementation's failure to restore DisableImplicitFlags after calling JavaScript code via JavascriptFunction::CallRootFunctionInScript. The patch introduces an AutoRestoreFlags RAII guard that saves and restores both ImplicitCallFlags and DisableImplicitFlags. The exploit shows how, once the flags had been cleared and not restored, stack-allocated objects could be leaked through property getters, leading to memory corruption. The CWE-787 (out-of-bounds write) classification matches the use-after-free-driven memory corruption this flaw enables.
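The save/restore pattern the patch describes, as an added illustration and not ChakraCore's own code: the enum values, ThreadContext and RunScript below are simplified stand-ins (assumptions), the buggy variant restores only ImplicitCallFlags, and the guarded variant restores both flags on every exit path.

```cpp
// Simplified stand-ins for the engine's per-thread flag state (assumed, not ChakraCore's real types).
enum ImplicitCallFlags { ImplicitCall_None = 0, ImplicitCall_Accessor = 1 };
enum DisableImplicitFlags { DisableImplicitNoFlag = 0, DisableImplicitCallFlag = 1 };
struct ThreadContext {
    ImplicitCallFlags implicitCallFlags = ImplicitCall_None;
    DisableImplicitFlags disableImplicitFlags = DisableImplicitNoFlag;
};

// Stands in for script execution (e.g. a property getter) that clobbers both flags.
static void RunScript(ThreadContext& ctx) {
    ctx.implicitCallFlags = ImplicitCall_Accessor;
    ctx.disableImplicitFlags = DisableImplicitNoFlag;
}

// Before the patch: only ImplicitCallFlags is saved and restored, so the caller's
// DisableImplicitFlags setting is silently lost across the call into script.
static void CallRootFunctionBuggy(ThreadContext& ctx) {
    ImplicitCallFlags saved = ctx.implicitCallFlags;
    RunScript(ctx);
    ctx.implicitCallFlags = saved;
}

// After the patch: an RAII guard captures both flags and restores them in its
// destructor, so every return path (early return or exception) puts them back.
class AutoRestoreFlags {
public:
    explicit AutoRestoreFlags(ThreadContext& ctx)
        : ctx_(ctx), implicit_(ctx.implicitCallFlags), disable_(ctx.disableImplicitFlags) {}
    ~AutoRestoreFlags() {
        ctx_.implicitCallFlags = implicit_;
        ctx_.disableImplicitFlags = disable_;
    }
private:
    ThreadContext& ctx_;
    ImplicitCallFlags implicit_;
    DisableImplicitFlags disable_;
};

static void CallRootFunctionFixed(ThreadContext& ctx) {
    AutoRestoreFlags guard(ctx);  // restored when guard goes out of scope
    RunScript(ctx);
}

// Returns true if the caller's DisableImplicitCallFlag survives the call into script.
bool DisableFlagPreserved(bool useGuard) {
    ThreadContext ctx;
    ctx.disableImplicitFlags = DisableImplicitCallFlag;
    if (useGuard) CallRootFunctionFixed(ctx); else CallRootFunctionBuggy(ctx);
    return ctx.disableImplicitFlags == DisableImplicitCallFlag;
}
```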