microsoft.chakracore is vulnerable to remote code execution (RCE) attacks. A malicious user can pass bad arguments to the ServerAddDOMFastPathHelper
method in JITServer.cpp
which causes an out-of-bound write leading to arbitrary code execution.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft.chakracore | le | 1.10.0 | |
microsoft.chakracore.vc140 | le | 1.10.0 |