Lucene search

GitHub Advisory DatabaseGHSA-5HXP-3237-J2HP

HistoryMay 13, 2022 - 1:20 a.m.

ChakraCore RCE Vulnerability

2022-05-1301:20:40

CWE-125

GitHub Advisory Database

github.com

0.956 High

EPSS

Percentile

99.4%

JSON

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137.

CPENameOperatorVersion
microsoft.chakracorelt1.8.4

CPE	Name	Operator	Version
	microsoft.chakracore	lt	1.8.4

References

github.com/advisories/GHSA-5hxp-3237-j2hp

github.com/chakra-core/ChakraCore/commit/ee5dfabc51728f97f6d69e89c88af088251b6b76

nvd.nist.gov/vuln/detail/CVE-2018-8139

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8139

web.archive.org/web/20210124164247/www.securityfocus.com/bid/103977

web.archive.org/web/20211204185256/www.securitytracker.com/id/1040844

www.exploit-db.com/exploits/45012/

0.956 High

EPSS

Percentile

99.4%

JSON

Related for GHSA-5HXP-3237-J2HP