GHSA-jgrp-6qqq-3284

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jgrp-6qqq-3284/GHSA-jgrp-6qqq-3284.json

Aliases

CVE-2021-42279

Published

2022-05-24T19:20:22Z

Modified

2023-03-15T05:46:07.081162Z

Details

Chakra Scripting Engine and ChakraCore are vulnerable to memory corruption due to an out-of-bounds write. The Microsoft advisory for CVE-2021-42279 was modified in August 2022 to include Microsoft.ChakraCore as an affected product.

References

Affected packages

NuGet / Microsoft.ChakraCore

Microsoft.ChakraCore

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Affected versions

1.*

1.10.0

1.10.1

1.10.2

1.11.0

1.11.1

1.11.10

1.11.11

1.11.12

1.11.13

1.11.14

1.11.15

1.11.16

1.11.17

1.11.18

1.11.19

1.11.2

1.11.20

1.11.21

1.11.22

1.11.23

1.11.24

1.11.3

1.11.4

1.11.5

1.11.6

1.11.7

1.11.8

1.11.9

1.2.0

1.2.1

1.2.2

1.2.3

1.2.6.62716-preview

1.3.0

1.3.1

1.3.2

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.5.0

1.5.1

1.5.2

1.5.3

1.6.0

1.6.2

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

Database specific

{
    "last_known_affected_version_range": "<= 1.11.24"
}