Skip to content

High severity vulnerability that affects Microsoft.ChakraCore

High severity GitHub Reviewed Published Apr 9, 2019 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

nuget Microsoft.ChakraCore (NuGet)

Affected versions

< 1.11.7

Patched versions

1.11.7

Description

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783.

References

Published to the GitHub Advisory Database Apr 9, 2019
Reviewed Jun 16, 2020
Last updated Jan 9, 2023

Severity

High
7.5
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
High
Privileges required
None
User interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses

CVE ID

CVE-2019-0639

GHSA ID

GHSA-6jf5-rmhv-38cw

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.