EPSS
Percentile
94.7%
Microsoft.Chakracore is vulnerable to a remote code execution (RCE) attack. The library does not handle objects in the Scanner::LineLength function in lib/Parser/Scan.cpp, allowing a malicious user to inject and execute arbitrary code.
Scanner::LineLength
lib/Parser/Scan.cpp
github.com/Microsoft/ChakraCore/commit/6199b5e19a61744f5d2357bbbaf1b50dd284c4a6
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8551