microsoft.chakracore is vulnerable to remote code execution. This is due to a use-after-free bug where ServerScriptContext
is freed before being unregistered, which would allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2017-8499, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft.chakracore | le | 1.5.1 | |
microsoft.chakracore.vc140 | le | 1.5.1 |