Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS00NDhoLTdobXAtOTlmZ84AAbWe

Critical EPSS: 0.36015% (0.96768 Percentile) EPSS:
Permalink JSON

ChakraCore RCE Vulnerability

Affected Packages Affected Versions Fixed Versions
nuget:Microsoft.ChakraCore < 1.4.4 1.4.4
1 Dependent packages
0 Dependent repositories
1,141,105 Downloads total

Affected Version Ranges

All affected versions

1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.4.3

All unaffected versions

1.4.4, 1.4.5, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.10.0, 1.10.1, 1.10.2, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.10, 1.11.11, 1.11.12, 1.11.13, 1.11.14, 1.11.15, 1.11.16, 1.11.17, 1.11.18, 1.11.19, 1.11.20, 1.11.21, 1.11.22, 1.11.23, 1.11.24

A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0252.

References:

Identifiers

GHSA-448h-7hmp-99fg

CVE-2017-0223

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.36015

EPSS Percentile: 0.96768

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/Microsoft/ChakraCore

Date and time

Published

about 3 years ago

Updated

almost 2 years ago

API

JSON