GSA_kwCzR0hTQS05aGpnLWo5ODMtbXFjY84AAkwK

High EPSS: 0.04538% (0.88505 Percentile) EPSS:

Permalink JSON

ChakraCore RCE Vulnerability

Affected Packages	Affected Versions	Fixed Versions
nuget:Microsoft.ChakraCore	< 1.11.19	1.11.19
1 Dependent packages 0 Dependent repositories 1,141,105 Downloads total Affected Version Ranges All affected versions 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.10.0, 1.10.1, 1.10.2, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.10, 1.11.11, 1.11.12, 1.11.13, 1.11.14, 1.11.15, 1.11.16, 1.11.17, 1.11.18 All unaffected versions 1.11.19, 1.11.20, 1.11.21, 1.11.22, 1.11.23, 1.11.24

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'.

References:

Identifiers

GHSA-9hjg-j983-mqcc

CVE-2020-1065

Risk

Severity

High

EPSS

EPSS Percentage: 0.04538

EPSS Percentile: 0.88505

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/chakra-core/ChakraCore

Date and time

Published

about 3 years ago

Updated

almost 2 years ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories