GHSA-wg47-6cqc-q52j
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wg47-6cqc-q52j
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wg47-6cqc-q52j/GHSA-wg47-6cqc-q52j.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wg47-6cqc-q52j
- Aliases
-
- CVE-2018-8276
- Published
- 2022-05-13T01:53:37Z
- Modified
- 2024-11-30T05:27:45.700124Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- ChakraCore Security Bypass
- Details
-
A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects Microsoft Edge, ChakraCore.
- Database specific
{ "nvd_published_at": "2018-07-11T00:29:00Z", "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-07-24T20:14:01Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-8276
- https://github.com/chakra-core/ChakraCore/commit/4196f8097afdcc5fe01ce2966871712fb24003a3
- https://github.com/chakra-core/ChakraCore
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8276
- https://web.archive.org/web/20210124183457/http://www.securityfocus.com/bid/104626
- https://web.archive.org/web/20211202002348/http://www.securitytracker.com/id/1041256
Affected packages
NuGet / Microsoft.ChakraCore
Package
- Name
- Microsoft.ChakraCore
- View open source insights on deps.dev
- Purl
- pkg:nuget/Microsoft.ChakraCore