GHSA-h6g3-73h7-chxp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-h6g3-73h7-chxp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h6g3-73h7-chxp/GHSA-h6g3-73h7-chxp.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-h6g3-73h7-chxp
- Aliases
-
- CVE-2016-3260
- Published
- 2022-05-14T02:24:15Z
- Modified
- 2023-11-08T03:58:26.415176Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- ChakraCore RCE Vulnerability
- Details
-
The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
- Database specific
{ "nvd_published_at": "2016-07-13T01:59:00Z", "cwe_ids": [ "CWE-119" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-07-31T20:25:25Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2016-3260
- https://github.com/chakra-core/ChakraCore/pull/1291
- https://github.com/chakra-core/ChakraCore/commit/17f3d4a4852dcc9e48de7091685b1862afb9f307
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085
- https://github.com/chakra-core/ChakraCore
- https://web.archive.org/web/20210123150650/http://www.securityfocus.com/bid/91580
- https://web.archive.org/web/20211202003833/http://www.securitytracker.com/id/1036283
Affected packages
NuGet / Microsoft.ChakraCore
Package
- Name
- Microsoft.ChakraCore
- View open source insights on deps.dev
- Purl
- pkg:nuget/Microsoft.ChakraCore