| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| git-archive | npm | <= 0.1.4 | |

The advisory explicitly states the vulnerability exists in the 'exports' function. Command injection vulnerabilities typically occur when user input is improperly sanitized before being used in command execution. Given the package's purpose (git archiving) and the CWE-77 classification, the exports function likely uses user-supplied parameters to build OS commands without proper validation/sanitization. While the exact code isn't available, multiple authoritative sources (GitHub Advisory, NVD, Snyk) all attribute the vulnerability to this specific function.