Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-WC43-7WJ6-4GGR
HistoryAug 02, 2021 - 5:29 p.m.

Remote code execution in ChakraCore

2021-08-0217:29:09
CWE-787
GitHub Advisory Database
github.com
37

4.2 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.5%

JSON

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-1057, CVE-2020-1172.

CPENameOperatorVersion
microsoft.chakracorelt1.11.22

Related

osv 6
github 2
kaspersky 1
mscve 3
cve 3
veracode 2
prion 3
nessus 7
mskb 7
avleonov 1
osv
osv
Remote code execution in ChakraCore
2021-08-02 17:28:53
Remote code execution in ChakraCore
2021-08-02 17:29:01
Remote code execution in ChakraCore
2021-08-02 17:29:09
github
github
Remote code execution in ChakraCore
2021-08-02 17:28:53
Remote code execution in ChakraCore
2021-08-02 17:29:01
kaspersky
kaspersky
KLA11954 Multiple vulnerabilities in Microsoft Browsers
2020-09-08 00:00:00
mscve
mscve
Scripting Engine Memory Corruption Vulnerability
2020-09-08 07:00:00
Scripting Engine Memory Corruption Vulnerability
2020-09-08 07:00:00
Scripting Engine Memory Corruption Vulnerability
2020-09-08 07:00:00
cve
cve
CVE-2020-1057
2020-09-11 17:15:00
CVE-2020-1180
2020-09-11 17:15:00
CVE-2020-1172
2020-09-11 17:15:00
veracode
veracode
Remote Code Execution (RCE)
2020-09-14 04:26:30
Remote Code Execution (RCE)
2020-09-14 04:33:15
prion
prion
Remote code execution
2020-09-11 17:15:00
Remote code execution
2020-09-11 17:15:00
Remote code execution
2020-09-11 17:15:00
nessus
nessus
KB4577049: Windows 10 September 2020 Security Update
2020-09-08 00:00:00
KB4577041: Windows 10 Version 1709 September 2020 Security Update
2020-09-08 00:00:00
KB4577015: Windows 10 Version 1607 and Windows Server 2016 September 2020 Security Update
2020-09-08 00:00:00
mskb
mskb
September 8, 2020—KB4577049 (OS Build 10240.18696)
2021-02-09 08:00:00
September 8, 2020—KB4577041 (OS Build 16299.2107)
2020-10-13 07:00:00
September 8, 2020—KB4577032 (OS Build 17134.1726)
2021-02-09 08:00:00
avleonov
avleonov
Microsoft Patch Tuesday September 2020: Zerologon and other exploits, RCEs in SharePoint and Exchange
2020-09-30 23:46:21

4.2 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.5%

JSON
Related for GHSA-WC43-7WJ6-4GGR
osv6github2kaspersky1mscve3cve3veracode2prion3nessus7mskb7avleonov1