-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
JavaScriptJavaScriptMiggo AIRoot Cause AnalysisThe vulnerability description explicitly states the attack vector is the metadata() function. CWE-78 (OS Command Injection) typically occurs when user input is directly incorporated into system commands without proper sanitization. While no code samples are provided, multiple authoritative sources (NVD, GHSA, Checkmarx) specifically identify metadata() as the vulnerable entry point. The lack of patched versions and commit diffs prevents deeper analysis, but the consistent function-specific attribution across sources justifies high confidence.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| s3-uploader | npm | <= 2.0.3 |