Lucene search

GitHub Advisory DatabaseGHSA-294J-R53X-W786

HistoryMay 14, 2022 - 2:23 a.m.

ChakraCore RCE Vulnerability

2022-05-1402:23:11

CWE-119

GitHub Advisory Database

github.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.959 High

EPSS

Percentile

99.5%

JSON

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3386, CVE-2016-7190, and CVE-2016-7194.

Affected configurations

Vulners

Node

github_advisory_databasemicrosoft.chakracoreRange<1.2.1

CPENameOperatorVersion
microsoft.chakracorelt1.2.1

CPE	Name	Operator	Version
	microsoft.chakracore	lt	1.2.1

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119

github.com/advisories/GHSA-294j-r53x-w786

github.com/chakra-core/ChakraCore/commit/f05c42e64c3b2d057ae1a52fe1917af26c9f2737

github.com/chakra-core/ChakraCore/pull/1737

nvd.nist.gov/vuln/detail/CVE-2016-3389

web.archive.org/web/20210123174706/www.securityfocus.com/bid/93398

web.archive.org/web/20211208062350/www.securitytracker.com/id/1036993

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.959 High

EPSS

Percentile

99.5%

JSON

Related for GHSA-294J-R53X-W786