CVE-2019-0746

MEDIUM6.5EPSS 22.5%

Microsoft.ChakraCore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Published: 4/9/2019Modified: 11/8/2023

Description

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'.

Affected packages (1)

NuGet/Microsoft.ChakraCorefrom 0, < 1.11.7

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References (3)

ADVISORYhttps://github.com/advisories/GHSA-jhx3-2w5x-x39x
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-0746
WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0746