chakracore is vulnerable to remote code execution. A previous MSRC fix removes the body scope of an enclosing function when a nested function is declared in the param scope of that enclosing function. This results in an incorrect calculation of envIndex
for any symbols captured from enclosing scopes if the skipped body scope appears in the frameDisplay
being passed to the nested function.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft.chakracore | le | 1.11.18 | |
microsoft.chakracore.vc140 | le | 1.11.18 |