-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| marscode | npm | <= 1.0.1-0 |
Miggo AIRoot Cause AnalysisThe vulnerability description explicitly states there's no path sanitization in the fs.readFile call in index.js. Multiple sources (GitHub Advisory, NVD, Snyk) confirm the path parameter to fs.readFile is vulnerable to traversal attacks. The PoC demonstrates exploitation via crafted paths, directly implicating this function. No other functions are mentioned in the advisory materials.
JavaScriptJavaScriptOngoing coverage of React2Shell