| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| grunt-util-property | npm | <= 0.0.2 | |

The vulnerability stems from the `call` function demonstrated in the PoC (`b.call({}, '__proto__.toString', 123)`). This function takes a user-controlled property path and recursively sets nested properties without checking for prototype pollution vectors such as `__proto__`. The GitHub advisory explicitly references line 41 of `main.js`, which likely contains the unsafe property assignment logic. The Snyk PoC and the CWE-1321 classification confirm that this is a classic prototype pollution scenario caused by uncontrolled property path handling.