Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wanByLTJxcXAtZ3ByZs4AAbSy
ChakraCore information disclosure vulnerability
An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability."
Permalink: https://github.com/advisories/GHSA-pjpr-2qqp-gprfJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wanByLTJxcXAtZ3ByZs4AAbSy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 4.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS Percentage: 0.13642
EPSS Percentile: 0.95709
Identifiers: GHSA-pjpr-2qqp-gprf, CVE-2017-0208
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-0208
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0208
- https://github.com/chakra-core/ChakraCore/pull/2834
- https://github.com/chakra-core/ChakraCore/commit/54d6d085987e2c399863940179db67b594d7f0a3
- https://web.archive.org/web/20210124023848/http://www.securityfocus.com/bid/97460
- https://web.archive.org/web/20211201121401/http://www.securitytracker.com/id/1038234
- https://github.com/advisories/GHSA-pjpr-2qqp-gprf
Blast Radius: 1.0
Affected Packages
nuget:Microsoft.ChakraCore
Dependent packages: 1Dependent repositories: 0
Downloads: 989,682 total
Affected Version Ranges: < 1.4.3
Fixed in: 1.4.3
All affected versions: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2
All unaffected versions: 1.4.3, 1.4.4, 1.4.5, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.10.0, 1.10.1, 1.10.2, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.10, 1.11.11, 1.11.12, 1.11.13, 1.11.14, 1.11.15, 1.11.16, 1.11.17, 1.11.18, 1.11.19, 1.11.20, 1.11.21, 1.11.22, 1.11.23, 1.11.24