CVE-2019-0609

HIGH7.5EPSS 6.0%

High severity vulnerability that affects Microsoft.ChakraCore

Published: 4/9/2019Modified: 11/8/2023

Description

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783.

Affected packages (1)

NuGet/Microsoft.ChakraCorefrom 0, < 1.11.7

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References (3)

ADVISORYhttps://github.com/advisories/GHSA-pjpj-f6r8-56rm
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-0609
WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0609