GHSA-jgrp-6qqq-3284

Source

https://github.com/advisories/GHSA-jgrp-6qqq-3284

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jgrp-6qqq-3284/GHSA-jgrp-6qqq-3284.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-jgrp-6qqq-3284

Aliases

CVE-2021-42279

Published

2022-05-24T19:20:22Z

Modified

2023-11-08T04:07:05.468205Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Chakra Scripting Engine and ChakraCore Vulnerable to Memory Corruption

Details

Chakra Scripting Engine and ChakraCore are vulnerable to memory corruption due to an out-of-bounds write. The Microsoft advisory for CVE-2021-42279 was modified in August 2022 to include Microsoft.ChakraCore as an affected product.

Database specific

{
    "nvd_published_at": "2021-11-10T01:19:00Z",
    "github_reviewed_at": "2022-08-30T20:17:18Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-787"
    ]
}

References

Affected packages

NuGet / Microsoft.ChakraCore

Package

Name: Microsoft.ChakraCore; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.ChakraCore

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.11.24

Affected versions

1.*

1.2.0

1.2.1

1.2.2

1.2.3

1.2.6.62716-preview

1.3.0

1.3.1

1.3.2

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.5.0

1.5.1

1.5.2

1.5.3

1.6.0

1.6.2

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.10.0

1.10.1

1.10.2

1.11.0

1.11.1

1.11.2

1.11.3

1.11.4

1.11.5

1.11.6

1.11.7

1.11.8

1.11.9

1.11.10

1.11.11

1.11.12

1.11.13

1.11.14

1.11.15

1.11.16

1.11.17

1.11.18

1.11.19

1.11.20

1.11.21

1.11.22

1.11.23

1.11.24