GHSA-93c7-2942-3h47
Suggest an improvement- Source
- https://github.com/advisories/GHSA-93c7-2942-3h47
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-93c7-2942-3h47/GHSA-93c7-2942-3h47.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-93c7-2942-3h47
- Aliases
-
- CVE-2018-8315
- Published
- 2022-05-14T02:03:04Z
- Modified
- 2024-02-16T08:24:09.445212Z
- Severity
-
- 4.2 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- ChakraCore information disclosure vulnerability
- Details
-
An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10.
- Database specific
{ "nvd_published_at": "2018-09-13T00:29:00Z", "cwe_ids": [ "CWE-200" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-07-25T19:29:48Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-8315
- https://github.com/chakra-core/ChakraCore/pull/5688
- https://github.com/chakra-core/ChakraCore/commit/e03b3e30160ac5846b246931634962ce6bd1db83
- https://github.com/chakra-core/ChakraCore
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8315
- https://web.archive.org/web/20210124203128/http://www.securityfocus.com/bid/105251
- https://web.archive.org/web/20211206083609/https://securitytracker.com/id/1041623
Affected packages
NuGet / Microsoft.ChakraCore
Package
- Name
- Microsoft.ChakraCore
- View open source insights on deps.dev
- Purl
- pkg:nuget/Microsoft.ChakraCore