Microsoft.ChakraCore is vulnerable to remote code execution. This is due to a type confusion via NewScObjectNoCtor
or InitProto
which would allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2019-0567, CVE-2019-0568.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft.chakracore | le | 1.11.4 | |
microsoft.chakracore.vc140 | le | 1.11.4 |