Microsoft Chakracore is vulnerable to remote code execution (RCE). It does not properly handle the JIT bails out when there is an object marked as temporary during an implicit call, allowing objects stored on the stack to be used outside of the function during the DeadStore pass of GlobOpt.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft.chakracore | le | 1.11.18 | |
microsoft.chakracore.vc140 | le | 1.11.18 |