Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12dnZoLTV4cm0tcHhmZs4AArKA
ChakraCore information disclosure vulnerability
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'.
Permalink: https://github.com/advisories/GHSA-vvvh-5xrm-pxffJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12dnZoLTV4cm0tcHhmZs4AArKA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: 3 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-vvvh-5xrm-pxff, CVE-2020-0813
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-0813
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0813
- https://github.com/chakra-core/ChakraCore/pull/6385
- https://github.com/chakra-core/ChakraCore/pull/6385/commits/e6abd1d110442e6357351c23a7f882f83e4bbe4d
- https://github.com/advisories/GHSA-vvvh-5xrm-pxff
Affected Packages
nuget:Microsoft.ChakraCore
Versions: < 1.11.17Fixed in: 1.11.17