CVE-2018-8276
MEDIUM6.5EPSS 15.8%ChakraCore Security Bypass
Published: 5/13/2022Modified: 11/30/2024
Description
A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects Microsoft Edge, ChakraCore.
Affected packages (1)
- NuGet/Microsoft.ChakraCorefrom 0, < 1.10.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-8276
- PATCHhttps://github.com/chakra-core/ChakraCore
- WEBhttps://github.com/chakra-core/ChakraCore/commit/4196f8097afdcc5fe01ce2966871712fb24003a3
- WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8276
- WEBhttps://web.archive.org/web/20210124183457/http://www.securityfocus.com/bid/104626
- WEBhttps://web.archive.org/web/20211202002348/http://www.securitytracker.com/id/1041256