| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| monorepo-build | npm | <= 0.1.9 | |

The PoC demonstrates command injection through the `build()` function by passing untrusted arguments containing shell operators. This indicates that the function likely passes user input directly into shell commands without proper sanitization. While no source code is available, the demonstrated exploit pattern and the CWE-77 classification strongly implicate the `build()` function as the injection vector.