-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| anon-vec | rust | <= 0.1.1 |
RustRustMiggo AIRoot Cause AnalysisThe vulnerability lies in the anon-vec crate, specifically within three public API functions: AnonVec::get_ref(), AnonVec::get_mut(), and AnonVec::remove_get(). According to the RustSec advisory RUSTSEC-2025-0039 and the GitHub advisory GHSA-pr59-jjr4-gcf6, these functions do not perform sufficient checks on their arguments. This lack of input validation can lead to unsound behavior, potentially causing memory corruption if the functions are called with invalid arguments. The crate is unmaintained, and no patch is available. The file path src/lib.rs is assumed as the standard location for Rust library code, although it could not be confirmed by fetching the file content due to repository access issues.
Ongoing coverage of React2Shell