CVE-2019-0649
HIGH8.1EPSS 9.5%Chakra JIT server Privilege Escalation
發布日:2022/5/13修改日:2024/12/2
描述
A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting Engine Elevation of Privileges Vulnerability'.
受影響套件(1)
- NuGet/Microsoft.ChakraCorefrom 0, < 1.11.6
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.1 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-0649
- PATCHhttps://github.com/chakra-core/ChakraCore
- WEBhttps://github.com/chakra-core/ChakraCore/commit/beba75a1aed0933cf3c76efb4dc67529dc035901
- WEBhttps://github.com/chakra-core/ChakraCore/pull/5936
- WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0649
- WEBhttps://web.archive.org/web/20210125001406/https://www.securityfocus.com/bid/106877