The vulnerability is explicitly tied to `_.mergeDeep` in the CVE title and PoC examples. Additional functions (`_ModuleSupport.jsonApply`, `_ModuleSupport.setPath`, `_Util.jsonApply`) are documented in enterprise package Gists as attack vectors. All listed functions handle object merging/path assignment without proper prototype protection, as demonstrated by reproducible PoCs. The AG Grid team's patch (PR #8290) confirms fixes to key handling in merge operations, validating these functions as vulnerable.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ag-grid-enterprise | npm | < 31.3.4 | 31.3.4 |
| ag-grid-community | npm | < 31.3.4 | 31.3.4 |
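
The merge behaviour described above, as an added example that is not AG Grid's code or its patch: a generic recursive merge without key handling beside a hardened form that skips prototype-related keys. The function names, the blocked-key list and the JSON input are assumptions constructed for illustration.

```javascript
// Generic deep-merge helpers written for this example; not AG Grid source.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Unprotected form: target[key] is resolved through the prototype chain, so a
// "__proto__" key in parsed JSON makes the recursion write to Object.prototype.
function naiveMergeDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (isPlainObject(source[key])) {
      if (!isPlainObject(target[key])) target[key] = {};
      naiveMergeDeep(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened form: drop prototype-related keys and only recurse into objects
// that the target owns itself (never into inherited ones).
function safeMergeDeep(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const owned = Object.prototype.hasOwnProperty.call(target, key);
      if (!owned || !isPlainObject(target[key])) target[key] = {};
      safeMergeDeep(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs both merges over one constructed input and reports the effect on
// unrelated objects. The global prototype is restored before returning.
function demo() {
  const input = JSON.parse('{"theme": {"dark": true}, "__proto__": {"polluted": "yes"}}');
  const result = {};
  try {
    naiveMergeDeep({}, input);
    result.naivePolluted = ({}).polluted === 'yes';
  } finally {
    delete Object.prototype.polluted;
  }
  result.merged = safeMergeDeep({}, input);
  result.safePolluted = ({}).polluted !== undefined;
  return result;
}
```

Upgrading to the first patched version in the table above remains the fix; a key filter like this is a defence-in-depth check for application code that merges untrusted JSON into configuration objects.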