GHSA-vvvh-5xrm-pxff

Source

https://github.com/advisories/GHSA-vvvh-5xrm-pxff

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vvvh-5xrm-pxff/GHSA-vvvh-5xrm-pxff.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-vvvh-5xrm-pxff

Aliases

CVE-2020-0813

Published

2022-05-24T22:28:59Z

Modified

2024-11-28T05:24:18.343248Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

ChakraCore information disclosure vulnerability

Details

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'.

Database specific

{
    "nvd_published_at": "2020-03-12T16:15:00Z",
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-12T22:57:53Z"
}

References

Affected packages

NuGet / Microsoft.ChakraCore

Package

Name: Microsoft.ChakraCore; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.ChakraCore

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.11.17

Affected versions

1.*

1.2.0

1.2.1

1.2.2

1.2.3

1.2.6.62716-preview

1.3.0

1.3.1

1.3.2

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.5.0

1.5.1

1.5.2

1.5.3

1.6.0

1.6.2

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.10.0

1.10.1

1.10.2

1.11.0

1.11.1

1.11.2

1.11.3

1.11.4

1.11.5

1.11.6

1.11.7

1.11.8

1.11.9

1.11.10

1.11.11

1.11.12

1.11.13

1.11.14

1.11.15

1.11.16