CVE-2017-8659 – microsoft.chakracore

Package

Manager: nuget
Name: microsoft.chakracore
Vulnerable Version: >=0 <1.6.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.12825 pctl0.93779

Details

ChakraCore information disclosure vulnerability Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

Metadata

Created: 2022-05-17T02:13:52Z
Modified: 2023-10-24T12:57:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h6m7-jphx-f9p5/GHSA-h6m7-jphx-f9p5.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-h6m7-jphx-f9p5
Finding: F310
Auto approve: 1