| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| morgan-json | npm | <= 1.1.0 | |

The advisory explicitly references line 46 in `index.js` where user-controlled input is passed to the `Function` constructor without sanitization. This pattern matches classic Code Injection vulnerabilities (CWE-94) where dynamic code evaluation accepts untrusted input. The provided PoC demonstrates execution context escape through crafted input, confirming the attack vector.
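The pattern described above, shown beside a hardened alternative. This is an added example, not morgan-json's source and not the advisory's PoC: `compileUnsafe`, `compileSafe`, the token names and the sample format strings are all hypothetical and constructed for illustration.

```javascript
// Added illustration of CWE-94 in a log-format compiler (hypothetical code).

// Unsafe: the format string is spliced into generated source text, so a
// quote in the format ends the string literal and the rest is parsed as code.
function compileUnsafe(format) {
  const body =
    'return "' + format.replace(/:(\w+)/g, '" + tokens.$1 + "') + '";';
  return new Function('tokens', body);
}

// Hardened: parse the format into literal and token parts once, then
// concatenate at call time. No source text is generated or evaluated, and
// token names must be on an explicit allow-list (this also blocks lookups
// such as "constructor" on the tokens object).
function compileSafe(format, allowed) {
  const parts = [];
  let last = 0;
  for (const m of format.matchAll(/:([A-Za-z][\w-]*)/g)) {
    if (!allowed.has(m[1])) {
      throw new TypeError('unknown token: ' + m[1]);
    }
    parts.push({ literal: format.slice(last, m.index) });
    parts.push({ token: m[1] });
    last = m.index + m[0].length;
  }
  parts.push({ literal: format.slice(last) });
  return (tokens) =>
    parts
      .map((p) => ('literal' in p ? p.literal : String(tokens[p.token] ?? '-')))
      .join('');
}

// Constructed inputs: a normal format, and one containing a double quote
// followed by a harmless arithmetic expression.
const ALLOWED = new Set(['method', 'url', 'status']);
const NORMAL_FORMAT = ':method :url';
const QUOTED_FORMAT = 'x" + (1+1) + "y';

function demo() {
  const req = { method: 'GET', url: '/a' };
  return {
    unsafeNormal: compileUnsafe(NORMAL_FORMAT)(req),
    safeNormal: compileSafe(NORMAL_FORMAT, ALLOWED)(req),
    unsafeQuoted: compileUnsafe(QUOTED_FORMAT)(req), // expression is evaluated
    safeQuoted: compileSafe(QUOTED_FORMAT, ALLOWED)(req), // stays literal text
  };
}
```

Both compilers agree on the normal format; they diverge only when the format carries a quote, which is the condition to test for when auditing similar template or format compilers.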