Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-DOTNET-MICROSOFTCHAKRACORE-174418
- published 18 Apr 2019
- disclosed 12 May 2017
- credit Unknown
How to fix?
Upgrade Microsoft.ChakraCore to version 1.4.4 or higher.
Affected versions of this package are vulnerable to Remote Code Execution (RCE). A malicious user may be allowed to execute arbitrary code in the context of the current user due to the way the scripting engine handles objects in memory.
Note: This CVE ID is different from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.