Microsoft.ChakraCore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor · CVE-2019-0746 · GitHub Advisory Database · GitHub

Microsoft.ChakraCore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Moderate severity GitHub Reviewed Published Apr 9, 2019 to the GitHub Advisory Database • Updated Jan 11, 2023

Package

Microsoft.ChakraCore (NuGet)

Affected versions

< 1.11.7

Patched versions

1.11.7

Description

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'.

References

Published to the GitHub Advisory Database Apr 9, 2019

Reviewed Jun 16, 2020

Last updated Jan 11, 2023

Severity

Moderate

6.5

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N