You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to vulnerable library: /SDK/bin/Debug/netcoreapp3.1/runtimes/win7-x86/native/ChakraCore.dll,/SDK/bin/Debug/net5.0/runtimes/win7-x86/native/ChakraCore.dll
Path to vulnerable library: /SDK/bin/Debug/net5.0/runtimes/win8-arm/native/ChakraCore.dll,/SDK/bin/Debug/netcoreapp3.1/runtimes/win8-arm/native/ChakraCore.dll
Dependency Hierarchy:
❌ ChakraCore-1.8.1.0.dll (Vulnerable Library)
microsoft.chakracore.1.8.1.nupkg
ChakraCore is the core part of the Chakra Javascript engine that powers Microsoft Edge.
Path to vulnerable library: /SDK/bin/Debug/netcoreapp3.1/runtimes/win7-x64/native/ChakraCore.dll,/SDK/bin/Debug/net5.0/runtimes/win7-x64/native/ChakraCore.dll
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8286, CVE-2018-8290, CVE-2018-8294.
CVE-2018-8280 - High Severity Vulnerability
Vulnerable Libraries - ChakraCore-1.8.1.0.dll, ChakraCore-1.8.1.0.dll, microsoft.chakracore.1.8.1.nupkg, ChakraCore-1.8.1.0.dll
ChakraCore-1.8.1.0.dll
Microsoft ? Chakra Core
Library home page: https://api.nuget.org/packages/microsoft.chakracore.1.8.1.nupkg
Path to vulnerable library: /SDK/bin/Debug/netcoreapp3.1/runtimes/win7-x86/native/ChakraCore.dll,/SDK/bin/Debug/net5.0/runtimes/win7-x86/native/ChakraCore.dll
Dependency Hierarchy:
ChakraCore-1.8.1.0.dll
Microsoft ? Chakra Core
Library home page: https://api.nuget.org/packages/microsoft.chakracore.1.8.1.nupkg
Path to vulnerable library: /SDK/bin/Debug/net5.0/runtimes/win8-arm/native/ChakraCore.dll,/SDK/bin/Debug/netcoreapp3.1/runtimes/win8-arm/native/ChakraCore.dll
Dependency Hierarchy:
microsoft.chakracore.1.8.1.nupkg
ChakraCore is the core part of the Chakra Javascript engine that powers Microsoft Edge.
Library home page: https://api.nuget.org/packages/microsoft.chakracore.1.8.1.nupkg
Path to dependency file: /SDK/SDK.csproj
Path to vulnerable library: /crosoft.chakracore/1.8.1/microsoft.chakracore.1.8.1.nupkg
Dependency Hierarchy:
ChakraCore-1.8.1.0.dll
Microsoft ? Chakra Core
Library home page: https://api.nuget.org/packages/microsoft.chakracore.1.8.1.nupkg
Path to vulnerable library: /SDK/bin/Debug/netcoreapp3.1/runtimes/win7-x64/native/ChakraCore.dll,/SDK/bin/Debug/net5.0/runtimes/win7-x64/native/ChakraCore.dll
Dependency Hierarchy:
Found in HEAD commit: 2cdcbe42d2efe636b5e9b1d4c29c9da6e2c9b927
Found in base branch: master
Vulnerability Details
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8286, CVE-2018-8290, CVE-2018-8294.
Publish Date: 2018-07-11
URL: CVE-2018-8280
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: chakra-core/ChakraCore#5444
Release Date: 2018-07-11
Fix Resolution: v1.10.1
⛑️ Automatic Remediation is available for this issue
The text was updated successfully, but these errors were encountered: