Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS02cDdxLTg1cXEtN2M0M84AAbWU

ChakraCore RCE Vulnerability

A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.

Permalink: https://github.com/advisories/GHSA-6p7q-85qq-7c43
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02cDdxLTg1cXEtN2M0M84AAbWU
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 6 months ago

CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Identifiers: GHSA-6p7q-85qq-7c43, CVE-2017-0234
References:

Repository: https://github.com/chakra-core/ChakraCore
Blast Radius: 1.0

Affected Packages

nuget:Microsoft.ChakraCore

Dependent packages: 0
Dependent repositories: 0
Downloads: 960,525 total
Affected Version Ranges: < 1.4.4
Fixed in: 1.4.4
All affected versions: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.4.3
All unaffected versions: 1.4.4, 1.4.5, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.10.0, 1.10.1, 1.10.2, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.10, 1.11.11, 1.11.12, 1.11.13, 1.11.14, 1.11.15, 1.11.16, 1.11.17, 1.11.18, 1.11.19, 1.11.20, 1.11.21, 1.11.22, 1.11.23, 1.11.24