CVSS Score: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| @akbr/update | npm | <= 1.0.0 |

The PoC demonstrates pollution through a `lib.default()` call (the main export) with `'__proto__'` in the path array. The advisory explicitly mentions the vulnerability in `update/index.js`, and the Gist's reference to line 42 suggests the core update logic is vulnerable. The function appears to set properties recursively without prototype pollution protections, which allows attackers to modify `Object.prototype` through special property names.
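
The pattern described above, as an added example that is not code from the advisory, the Gist or `@akbr/update`: a hypothetical unguarded path setter next to a hardened one. All function and property names here (`setPathUnsafe`, `setPathSafe`, `pollutedFlag`) are assumptions made for illustration.

```javascript
// Added illustration, NOT the source of @akbr/update. All names are hypothetical.

// Unguarded path setter of the kind the advisory describes.
function setPathUnsafe(target, path, value) {
  let node = target;
  for (let i = 0; i < path.length - 1; i++) {
    const key = path[i];
    if (node[key] === null || typeof node[key] !== 'object') node[key] = {};
    node = node[key]; // with key '__proto__' this resolves to Object.prototype
  }
  node[path[path.length - 1]] = value;
  return target;
}

const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened variant: rejects prototype-reaching segments and descends
// only into own properties, never into inherited ones.
function setPathSafe(target, path, value) {
  let node = target;
  path.forEach((key, i) => {
    if (BLOCKED.has(String(key))) {
      throw new TypeError(`refusing path segment: ${String(key)}`);
    }
    if (i === path.length - 1) { node[key] = value; return; }
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || node[key] === null || typeof node[key] !== 'object') node[key] = {};
    node = node[key];
  });
  return target;
}

// Constructed demonstration: reports what each setter did to unrelated objects.
function demo() {
  const result = {};
  setPathUnsafe({}, ['__proto__', 'pollutedFlag'], true);
  result.unsafePolluted = ({}).pollutedFlag === true;
  delete Object.prototype.pollutedFlag; // restore global state

  try {
    setPathSafe({}, ['__proto__', 'pollutedFlag'], true);
    result.safeRejected = false;
  } catch (e) {
    result.safeRejected = e instanceof TypeError;
  }
  result.safePolluted = ({}).pollutedFlag === true;
  result.safeStillWorks = setPathSafe({}, ['a', 'b'], 1).a.b === 1;
  return result;
}
```

A key denylist is one mitigation; building containers with `Object.create(null)` or storing data in a `Map` removes the prototype chain from the write path entirely.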