Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5OXItajk2OS02andy

High EPSS: 0.04538% (0.88679 Percentile) EPSS:
Permalink JSON

Out-of-bounds write

Affected Packages Affected Versions Fixed Versions
nuget:Microsoft.ChakraCore
PURL: pkg:nuget/Microsoft.ChakraCore
< 1.11.13 1.11.13
1 Dependent packages
0 Dependent repositories
1,386,877 Downloads total

Affected Version Ranges

All affected versions

1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.10.0, 1.10.1, 1.10.2, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.10, 1.11.11, 1.11.12

All unaffected versions

1.11.13, 1.11.14, 1.11.15, 1.11.16, 1.11.17, 1.11.18, 1.11.19, 1.11.20, 1.11.21, 1.11.22, 1.11.23, 1.11.24

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298, CVE-2019-1300.

References:

Identifiers

GHSA-q99r-j969-6jwr

CVE-2019-1237

Risk

Severity

High

EPSS

EPSS Percentage: 0.04538

EPSS Percentile: 0.88679

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/chakra-core/ChakraCore

Date and time

Published

over 4 years ago

Updated

21 days ago

API

JSON