Lucene search

GitHub Advisory DatabaseGHSA-W3QR-8V4R-592M

HistoryMay 13, 2022 - 1:53 a.m.

ChakraCore information disclosure vulnerability

2022-05-1301:53:42

CWE-200

GitHub Advisory Database

github.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

85.7%

JSON

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka “Scripting Engine Information Disclosure Vulnerability.” This affects ChakraCore, Internet Explorer 11, Microsoft Edge.

CPENameOperatorVersion
microsoft.chakracorelt1.11.1

CPE	Name	Operator	Version
	microsoft.chakracore	lt	1.11.1

References

github.com/advisories/GHSA-w3qr-8v4r-592m

github.com/chakra-core/ChakraCore/commit/3f3544801cc01e9f54cab84b20602a3b5e29c3ef

nvd.nist.gov/vuln/detail/CVE-2018-8452

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8452

web.archive.org/web/20210124203129/www.securityfocus.com/bid/105252

web.archive.org/web/20221128100304/www.securitytracker.com/id/1041623

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.013 Low

EPSS

Percentile

85.7%

JSON

Related for GHSA-W3QR-8V4R-592M