CVE-2017-0252 – microsoft.chakracore

Package

Manager: nuget
Name: microsoft.chakracore
Vulnerable Version: >=0 <1.4.4

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.24319 pctl0.95883

Details

ChakraCore RCE Vulnerability A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0223.

Metadata

Created: 2022-05-17T02:44:02Z
Modified: 2023-10-24T13:07:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-ghwq-7v3r-5433/GHSA-ghwq-7v3r-5433.json
CWE IDs: ["CWE-119"]
Alternative ID: GHSA-ghwq-7v3r-5433
Finding: F316
Auto approve: 1