| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| @cdr0/sg | npm | <= 1.0.10 | |

The PoC demonstrates prototype pollution via `lib.default.setOn()` with the path `'__proto__.polluted'`. The vulnerability report specifically references `ref.js` line 89 as the location of the vulnerable code. The `setOn` function appears to handle property paths without sanitizing prototype-related keywords, enabling attackers to modify `Object.prototype` properties through crafted input.
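
The following is an added example, not code from `@cdr0/sg` or from the vulnerability report: it shows how a generic dotted-path setter reaches `Object.prototype` through a `__proto__` segment, next to a hardened variant that rejects prototype-related segments. The function names `setOnUnsafe`, `setOnSafe` and `demo` are hypothetical, and the unsafe setter is an assumed shape for this bug class, not the package's actual implementation.

```javascript
// Added illustration, not the @cdr0/sg source; setOnUnsafe, setOnSafe and demo are hypothetical names.
const BLOCKED_KEYS = new Set(['__proto__', 'prototype', 'constructor']);

// Naive dotted-path setter: follows whatever segments the caller supplies.
function setOnUnsafe(target, path, value) {
  const keys = path.split('.');
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (node[key] === undefined) node[key] = {};
    node = node[key]; // a '__proto__' segment resolves to Object.prototype here
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Hardened setter: rejects prototype-related segments and descends only into own properties.
function setOnSafe(target, path, value) {
  const keys = path.split('.');
  if (keys.some((k) => BLOCKED_KEYS.has(k))) {
    throw new TypeError(`unsafe path segment in "${path}"`);
  }
  let node = target;
  for (const key of keys.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || node[key] === null || typeof node[key] !== 'object') node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Runs both setters on the path named in the advisory and reports what reached Object.prototype.
function demo() {
  const out = { unsafeLeaked: false, safeRejected: false, safeLeaked: false };
  try {
    setOnUnsafe({}, '__proto__.polluted', true);
    out.unsafeLeaked = ({}).polluted === true; // unrelated objects now see the property
  } finally {
    delete Object.prototype.polluted; // always undo the pollution
  }
  try {
    setOnSafe({}, '__proto__.polluted', true);
  } catch (e) {
    out.safeRejected = e instanceof TypeError;
  }
  out.safeLeaked = 'polluted' in {};
  return out;
}
console.log(demo());
```

The blocklist also covers the `constructor.prototype` route, which reaches the same object without using `__proto__`.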