EPSS
Percentile
89.3%
chakracore is vulnerable to remote code execution (RCE). The vulnerability exists in lib/Backend/GlobOpt.cpp, if valueType was not a tagged value. This CVE ID is different from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335.
lib/Backend/GlobOpt.cpp
github.com/microsoft/ChakraCore/commit/94181502091b7c22eb86ab1b45ce80bf7ff03aaf
github.com/microsoft/ChakraCore/pull/6302
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1366