GHSA-wg47-6cqc-q52j

Suggest an improvement
Source
https://github.com/advisories/GHSA-wg47-6cqc-q52j
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wg47-6cqc-q52j/GHSA-wg47-6cqc-q52j.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-wg47-6cqc-q52j
Aliases
  • CVE-2018-8276
Published
2022-05-13T01:53:37Z
Modified
2024-02-16T08:08:39.474259Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
Summary
ChakraCore Security Bypass
Details

A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects Microsoft Edge, ChakraCore.

References

Affected packages

NuGet / Microsoft.ChakraCore

Package

Name
Microsoft.ChakraCore
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.ChakraCore

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.1

Affected versions

1.*

1.2.0
1.2.1
1.2.2
1.2.3
1.2.6.62716-preview
1.3.0
1.3.1
1.3.2
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.5.0
1.5.1
1.5.2
1.5.3
1.6.0
1.6.2
1.7.0
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.10.0