Microsoft ChakraCore is vulnerable to remote code execution. This is due to an issue with capturing the name of a function expression in one of the param scope functions where the name symbols are not added to the body. This allows a remote attacker to execute arbitrary code in the context of the authenticated user.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft.chakracore | le | 1.4.1 | |
microsoft.chakracore.vc140 | eq | 1.4.1 |