microsoft.chakracore is vulnerable to remote code execution (RCE) attacks. The vulnerability exists in CrossSite::CommonThunk
of lib/Runtime/Base/CrossSite.cpp
where the Chakra scripting engine handles objects in memory insecurely, causing a Chakra Scripting Engine Memory Corruption
vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft.chakracore | le | 1.10.0 | |
microsoft.chakracore.vc140 | le | 1.10.0 |