GHSA-pjpr-2qqp-gprf
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pjpr-2qqp-gprf
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pjpr-2qqp-gprf/GHSA-pjpr-2qqp-gprf.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-pjpr-2qqp-gprf
- Aliases
-
- CVE-2017-0208
- Published
- 2022-05-17T02:32:54Z
- Modified
- 2024-02-16T08:21:01.995836Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- ChakraCore information disclosure vulnerability
- Details
-
An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability."
- Database specific
{ "nvd_published_at": "2017-04-12T14:59:00Z", "cwe_ids": [ "CWE-200" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-07-27T21:00:47Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-0208
- https://github.com/chakra-core/ChakraCore/pull/2834
- https://github.com/chakra-core/ChakraCore/commit/54d6d085987e2c399863940179db67b594d7f0a3
- https://github.com/chakra-core/ChakraCore
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0208
- https://web.archive.org/web/20210124023848/http://www.securityfocus.com/bid/97460
- https://web.archive.org/web/20211201121401/http://www.securitytracker.com/id/1038234
Affected packages
NuGet / Microsoft.ChakraCore
Package
- Name
- Microsoft.ChakraCore
- View open source insights on deps.dev
- Purl
- pkg:nuget/Microsoft.ChakraCore