CVE-2017-0223 – microsoft.chakracore

Package

Manager: nuget
Name: microsoft.chakracore
Vulnerable Version: >=0 <1.4.4

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.36015 pctl0.9698

Details

ChakraCore RCE Vulnerability A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0252.

Metadata

Created: 2022-05-17T02:35:05Z
Modified: 2023-10-24T12:58:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-448h-7hmp-99fg/GHSA-448h-7hmp-99fg.json
CWE IDs: ["CWE-119"]
Alternative ID: GHSA-448h-7hmp-99fg
Finding: F316
Auto approve: 1