| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| unzip-stream | npm | < 0.3.2 | 0.3.2 |
The vulnerability stems from insufficient path sanitization in the `_prepareOutStream` method. The commit diff shows that the critical fix was a change to the path sanitization regex in this function. The original regex, `^([/\\][.]+[/\\]+)[/\\]*`, only removed leading dot/slash sequences, while the patched regex, `(?<=^|[/\\]+)[.][.]+(?=[/\\]+|$)`, specifically targets and replaces parent directory traversal (`..`) segments anywhere in the path. This function directly handles path normalization before file extraction, making it the vulnerable entry point.