-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability explicitly lists ToBuffer, ToString, and CharAt as entry points. Code analysis shows these functions use napi_create_string_utf16 with unvalidated indexes. The PoC demonstrates exploitation via negative indexes, confirming improper bounds checking. All three functions handle memory offsets without validating input ranges, enabling access to previously allocated memory regions.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| node-stringbuilder | npm | <= 2.2.7 |