CVE-2018-8276
MEDIUM6.5EPSS 15.8%ChakraCore Security Bypass
發布日:2022/5/13修改日:2024/11/30
描述
A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects Microsoft Edge, ChakraCore.
受影響套件(1)
- NuGet/Microsoft.ChakraCorefrom 0, < 1.10.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-8276
- PATCHhttps://github.com/chakra-core/ChakraCore
- WEBhttps://github.com/chakra-core/ChakraCore/commit/4196f8097afdcc5fe01ce2966871712fb24003a3
- WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8276
- WEBhttps://web.archive.org/web/20210124183457/http://www.securityfocus.com/bid/104626
- WEBhttps://web.archive.org/web/20211202002348/http://www.securitytracker.com/id/1041256