GitHub Advisory DatabaseGHSA-W3QR-8V4R-592MChakraCore information disclosure vulnerability
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.011 Low
EPSS
Percentile
84.7%
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka âScripting Engine Information Disclosure Vulnerability.â This affects ChakraCore, Internet Explorer 11, Microsoft Edge.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| microsoft.chakracore | lt | 1.11.1 |
References
github.com/advisories/GHSA-w3qr-8v4r-592m
github.com/chakra-core/ChakraCore/commit/3f3544801cc01e9f54cab84b20602a3b5e29c3ef
nvd.nist.gov/vuln/detail/CVE-2018-8452
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8452
web.archive.org/web/20210124203129/www.securityfocus.com/bid/105252
web.archive.org/web/20221128100304/www.securitytracker.com/id/1041623
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.011 Low
EPSS
Percentile
84.7%