GSA_kwCzR0hTQS05M2M3LTI5NDItM2g0N84AAU7a

Moderate EPSS: 0.01345% (0.79492 Percentile) EPSS:

Permalink JSON

ChakraCore information disclosure vulnerability

Affected Packages	Affected Versions	Fixed Versions
nuget:Microsoft.ChakraCore PURL: `pkg:nuget/Microsoft.ChakraCore`	< 1.11.1	1.11.1
1 Dependent packages 0 Dependent repositories 1,245,202 Downloads total Affected Version Ranges All affected versions 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.10.0, 1.10.1, 1.10.2, 1.11.0 All unaffected versions 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.10, 1.11.11, 1.11.12, 1.11.13, 1.11.14, 1.11.15, 1.11.16, 1.11.17, 1.11.18, 1.11.19, 1.11.20, 1.11.21, 1.11.22, 1.11.23, 1.11.24

An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10.

References:

Identifiers

GHSA-93c7-2942-3h47

CVE-2018-8315

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.01345

EPSS Percentile: 0.79492

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/chakra-core/ChakraCore

Date and time

Published

over 3 years ago

Updated

about 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories