Arbitrary Code Execution Affecting microsoft.chakracore Open this link in a new tab package, versions [,1.8.4)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
5 May 2019
9 May 2018
How to fix?
Microsoft.ChakraCore to version 1.8.4 or higher.
Affected versions of this package are vulnerable to Arbitrary Code Execution. This is due to a type confusion vulnerability in Chakra JIT which could lead to memory corruption and allow an attacker to execute arbitrary code in the context of the authenticated user.
Note: This CVE ID is different from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.