-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| chrome-launcher | npm | < 0.13.2 | 0.13.2 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from unsanitized use of environment variables in regular expression construction. The chrome-finder.ts file's path resolution logic directly interpolated $HOME into regex patterns without escaping special characters. This allowed command injection via environment variable manipulation, as shown in the Snyk PoC where $HOME contains malicious commands. The GitHub PR #197 specifically addresses this by adding regex escaping for environment variables, confirming these functions were the attack surface.
Ongoing coverage of React2Shell