-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ai | npm | < 5.0.52 | 5.0.52 |
| ai | npm | >= 5.1.0-beta.0, < 5.1.0-beta.9 | 5.1.0-beta.9 |
Miggo AIRoot Cause AnalysisThe vulnerability is a filetype whitelist bypass in Vercel's AI SDK, caused by incorrect index handling when processing multiple file downloads where some might fail. The core of the issue is in the downloadAssets function located in packages/ai/src/prompt/convert-to-language-model-prompt.ts. The original implementation would first filter out any failed downloads from an array of results and then map the remaining successful downloads to their original URLs. This filter-then-map approach led to an index mismatch between the filtered results and the original list of planned downloads. Consequently, if a file at index i failed to download, the content of the file at index i+1 would be incorrectly associated with the URL of the file at index i. An attacker could exploit this by providing a URL for a disallowed file type that is guaranteed to fail, followed by a URL to a malicious file disguised as an allowed type. The SDK would then incorrectly associate the malicious content with the whitelisted URL, bypassing security checks. The patch rectifies this by using a map-then-filter approach, ensuring that content is correctly mapped to its URL using the proper index before any failed downloads are removed from the list. The convertToLanguageModelPrompt function is the public API that calls downloadAssets, making it a key part of the exploitation path.