Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1mdjhtLXA0NXctZ2YzOM4AASie

High EPSS: 0.14729% (0.94171 Percentile) EPSS:
Permalink JSON

ChakraCore RCE Vulnerability

Affected Packages Affected Versions Fixed Versions
nuget:Microsoft.ChakraCore < 1.8.0 1.8.0
1 Dependent packages
0 Dependent repositories
1,141,105 Downloads total

Affected Version Ranges

All affected versions

1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6

All unaffected versions

1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.10.0, 1.10.1, 1.10.2, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.10, 1.11.11, 1.11.12, 1.11.13, 1.11.14, 1.11.15, 1.11.16, 1.11.17, 1.11.18, 1.11.19, 1.11.20, 1.11.21, 1.11.22, 1.11.23, 1.11.24

Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka "Scripting Engine Security Feature Bypass".

References:

Identifiers

GHSA-fv8m-p45w-gf38

CVE-2018-0818

Risk

Severity

High

EPSS

EPSS Percentage: 0.14729

EPSS Percentile: 0.94171

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/chakra-core/ChakraCore

Date and time

Published

about 3 years ago

Updated

almost 2 years ago

API

JSON