Описание
ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-0710
- https://github.com/chakra-core/ChakraCore/pull/6375
- https://github.com/chakra-core/ChakraCore/pull/6375/commits/d89802674a591904c971f2d92b96b8f40839e7c7
- https://github.com/chakra-core/ChakraCore
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0710
Пакеты
Microsoft.ChakraCore
< 1.11.16
1.11.16
Связанные уязвимости
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
Уязвимость обработчика JavaScript-сценариев ChakraCore браузера Microsoft Edge, позволяющая нарушителю выполнить произвольный код