CVE-2018-8276 – microsoft.chakracore

Package

Manager: nuget
Name: microsoft.chakracore
Vulnerable Version: >=0 <1.10.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.10679 pctl0.93034

Details

ChakraCore Security Bypass A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects Microsoft Edge, ChakraCore.

Metadata

Created: 2022-05-13T01:53:37Z
Modified: 2023-10-06T15:22:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wg47-6cqc-q52j/GHSA-wg47-6cqc-q52j.json
CWE IDs: []
Alternative ID: GHSA-wg47-6cqc-q52j
Finding: F115
Auto approve: 1