CVE-2018-8452 – microsoft.chakracore

Package

Manager: nuget
Name: microsoft.chakracore
Vulnerable Version: >=0 <1.11.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.05124 pctl0.89458

Details

ChakraCore information disclosure vulnerability An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge.

Metadata

Created: 2022-05-13T01:53:42Z
Modified: 2023-10-06T15:22:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w3qr-8v4r-592m/GHSA-w3qr-8v4r-592m.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-w3qr-8v4r-592m
Finding: F310
Auto approve: 1