GHSA-jhx3-2w5x-x39x
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jhx3-2w5x-x39x
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/04/GHSA-jhx3-2w5x-x39x/GHSA-jhx3-2w5x-x39x.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jhx3-2w5x-x39x
- Aliases
- Published
- 2019-04-09T19:43:38Z
- Modified
- 2023-11-08T04:00:33.395697Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Microsoft.ChakraCore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
- Details
-
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'.
- Database specific
{ "cwe_ids": [ "CWE-200" ], "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:43:36Z", "nvd_published_at": null, "severity": "MODERATE" }- References
Affected packages
NuGet / Microsoft.ChakraCore
Package
- Name
- Microsoft.ChakraCore
- View open source insights on deps.dev
- Purl
- pkg:nuget/Microsoft.ChakraCore
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.11.7
Affected versions
1.*
1.2.0
1.2.1
1.2.2
1.2.3
1.2.6.62716-preview
1.3.0
1.3.1
1.3.2
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.5.0
1.5.1
1.5.2
1.5.3
1.6.0
1.6.2
1.7.0
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.10.0
1.10.1
1.10.2
1.11.0
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.11.6