Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS05M2M3LTI5NDItM2g0N84AAU7a

ChakraCore information disclosure vulnerability

An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10.

Permalink: https://github.com/advisories/GHSA-93c7-2942-3h47
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05M2M3LTI5NDItM2g0N84AAU7a
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: about 1 year ago

CVSS Score: 4.2
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Identifiers: GHSA-93c7-2942-3h47, CVE-2018-8315
References:

Repository: https://github.com/chakra-core/ChakraCore
Blast Radius: 1.0

Affected Packages

nuget:Microsoft.ChakraCore

Dependent packages: 1
Dependent repositories: 0
Downloads: 986,646 total
Affected Version Ranges: < 1.11.1
Fixed in: 1.11.1
All affected versions: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.10.0, 1.10.1, 1.10.2, 1.11.0
All unaffected versions: 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.10, 1.11.11, 1.11.12, 1.11.13, 1.11.14, 1.11.15, 1.11.16, 1.11.17, 1.11.18, 1.11.19, 1.11.20, 1.11.21, 1.11.22, 1.11.23, 1.11.24