GHSA-w3qr-8v4r-592m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w3qr-8v4r-592m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w3qr-8v4r-592m/GHSA-w3qr-8v4r-592m.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-w3qr-8v4r-592m
- Aliases
-
- CVE-2018-8452
- Published
- 2022-05-13T01:53:42Z
- Modified
- 2024-02-16T08:03:54.241096Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- ChakraCore information disclosure vulnerability
- Details
-
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge.
- Database specific
{ "nvd_published_at": "2018-09-13T00:29:00Z", "cwe_ids": [ "CWE-200" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-07-24T20:22:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-8452
- https://github.com/chakra-core/ChakraCore/commit/3f3544801cc01e9f54cab84b20602a3b5e29c3ef
- https://github.com/chakra-core/ChakraCore
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8452
- https://web.archive.org/web/20210124203129/http://www.securityfocus.com/bid/105252
- https://web.archive.org/web/20221128100304/http://www.securitytracker.com/id/1041623
Affected packages
NuGet / Microsoft.ChakraCore
Package
- Name
- Microsoft.ChakraCore
- View open source insights on deps.dev
- Purl
- pkg:nuget/Microsoft.ChakraCore