Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1oNmczLTczaDctY2h4cM4AAVbs

High EPSS: 0.22641% (0.9561 Percentile) EPSS:
Permalink JSON

ChakraCore RCE Vulnerability

Affected Packages Affected Versions Fixed Versions
nuget:Microsoft.ChakraCore < 1.2.0.0 1.2.0.0
1 Dependent packages
0 Dependent repositories
1,141,105 Downloads total

Affected Version Ranges

All affected versions

All unaffected versions

1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.10.0, 1.10.1, 1.10.2, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.10, 1.11.11, 1.11.12, 1.11.13, 1.11.14, 1.11.15, 1.11.16, 1.11.17, 1.11.18, 1.11.19, 1.11.20, 1.11.21, 1.11.22, 1.11.23, 1.11.24

The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

References:

Identifiers

GHSA-h6g3-73h7-chxp

CVE-2016-3260

Risk

Severity

High

EPSS

EPSS Percentage: 0.22641

EPSS Percentile: 0.9561

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/chakra-core/ChakraCore

Date and time

Published

about 3 years ago

Updated

over 1 year ago

API

JSON