Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-DOTNET-MICROSOFTCHAKRACOREVC140-174446
- published 18 Apr 2019
- disclosed 15 May 2017
- credit Unknown
How to fix?
Upgrade Microsoft.ChakraCore.vc140 to version 1.4.4 or higher.
Affected versions of this package are vulnerable to Remote Code Execution (RCE). A remote attacker may be able to execute code in the context of the current authenticated user due to heap overflow in
Note: This vulnerability is different from CVE-2017-0223.