CVE-2019-0746 – microsoft.chakracore

Package

Manager: nuget
Name: microsoft.chakracore
Vulnerable Version: >=0 <1.11.7

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.22506 pctl0.95627

Details

Microsoft.ChakraCore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'.

Metadata

Created: 2019-04-09T19:43:38Z
Modified: 2022-09-17T00:21:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-jhx3-2w5x-x39x/GHSA-jhx3-2w5x-x39x.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-jhx3-2w5x-x39x
Finding: F038
Auto approve: 1