Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1wanByLTJxcXAtZ3ByZs4AAbSy

ChakraCore information disclosure vulnerability

An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability."

Permalink: https://github.com/advisories/GHSA-pjpr-2qqp-gprf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wanByLTJxcXAtZ3ByZs4AAbSy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 6 months ago

CVSS Score: 4.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Identifiers: GHSA-pjpr-2qqp-gprf, CVE-2017-0208
References:

• https://nvd.nist.gov/vuln/detail/CVE-2017-0208
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0208
• https://github.com/chakra-core/ChakraCore/pull/2834
• https://github.com/chakra-core/ChakraCore/commit/54d6d085987e2c399863940179db67b594d7f0a3
• https://web.archive.org/web/20210124023848/http://www.securityfocus.com/bid/97460
• https://web.archive.org/web/20211201121401/http://www.securitytracker.com/id/1038234
• https://github.com/advisories/GHSA-pjpr-2qqp-gprf

Repository: https://github.com/chakra-core/ChakraCore
Blast Radius: 1.0

Affected Packages