GHSA-6c6r-39cv-x5fq

Source

https://github.com/advisories/GHSA-6c6r-39cv-x5fq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6c6r-39cv-x5fq/GHSA-6c6r-39cv-x5fq.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6c6r-39cv-x5fq

Aliases

CVE-2019-0649

Published

2022-05-13T01:21:26Z

Modified

2024-12-02T05:46:22.258440Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Chakra JIT server Privilege Escalation

Details

A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting Engine Elevation of Privileges Vulnerability'.

Database specific

{
    "nvd_published_at": "2019-03-05T23:29:00Z",
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-19T18:48:44Z"
}

References

Affected packages

NuGet / Microsoft.ChakraCore

Package

Name: Microsoft.ChakraCore; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.ChakraCore

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.11.6

Affected versions

1.*

1.2.0

1.2.1

1.2.2

1.2.3

1.2.6.62716-preview

1.3.0

1.3.1

1.3.2

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.5.0

1.5.1

1.5.2

1.5.3

1.6.0

1.6.2

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.10.0

1.10.1

1.10.2

1.11.0

1.11.1

1.11.2

1.11.3

1.11.4

1.11.5