CVE-2018-8315
MEDIUM4.2EPSS 5.6%ChakraCore information disclosure vulnerability
發布日:2022/5/14修改日:2024/2/16
描述
An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10.
受影響套件(1)
- NuGet/Microsoft.ChakraCorefrom 0, < 1.11.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.2 | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N |
參考連結(7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-8315
- PATCHhttps://github.com/chakra-core/ChakraCore
- WEBhttps://github.com/chakra-core/ChakraCore/commit/e03b3e30160ac5846b246931634962ce6bd1db83
- WEBhttps://github.com/chakra-core/ChakraCore/pull/5688
- WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8315
- WEBhttps://web.archive.org/web/20210124203128/http://www.securityfocus.com/bid/105251
- WEBhttps://web.archive.org/web/20211206083609/https://securitytracker.com/id/1041623