GHSA-rm8g-7g54-w6fh
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rm8g-7g54-w6fh
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rm8g-7g54-w6fh/GHSA-rm8g-7g54-w6fh.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rm8g-7g54-w6fh
- Aliases
-
- CVE-2017-0235
- Published
- 2022-05-17T02:44:21Z
- Modified
- 2024-02-16T08:00:31.519138Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- ChakraCore RCE Vulnerability
- Details
-
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238.
- Database specific
{ "nvd_published_at": "2017-05-12T14:29:00Z", "cwe_ids": [ "CWE-119" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-07-27T21:04:20Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-0235
- https://github.com/chakra-core/ChakraCore/pull/2959
- https://github.com/chakra-core/ChakraCore/commit/f022afb8246acc98e74a887bb655ac512caf6e72
- https://github.com/chakra-core/ChakraCore
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0235
- https://web.archive.org/web/20210124044045/http://www.securityfocus.com/bid/98230
Affected packages
NuGet / Microsoft.ChakraCore
Package
- Name
- Microsoft.ChakraCore
- View open source insights on deps.dev
- Purl
- pkg:nuget/Microsoft.ChakraCore