{"id":"GHSA-9f8c-f7h4-xghf","summary":"Remote code execution in ChakraCore","details":"A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1172, CVE-2020-1180.","aliases":["CVE-2020-1057"],"modified":"2023-11-08T04:01:58.282657Z","published":"2021-08-02T17:28:53Z","database_specific":{"cwe_ids":["CWE-119","CWE-787"],"github_reviewed":true,"nvd_published_at":"2020-09-11T17:15:00Z","github_reviewed_at":"2021-05-04T22:11:39Z","severity":"HIGH"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1057"},{"type":"WEB","url":"https://github.com/chakra-core/ChakraCore/pull/6500"},{"type":"WEB","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1057"}],"affected":[{"package":{"name":"Microsoft.ChakraCore","ecosystem":"NuGet","purl":"pkg:nuget/Microsoft.ChakraCore"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.11.22"}]}],"versions":["1.10.0","1.10.1","1.10.2","1.11.0","1.11.1","1.11.10","1.11.11","1.11.12","1.11.13","1.11.14","1.11.15","1.11.16","1.11.17","1.11.18","1.11.19","1.11.2","1.11.20","1.11.21","1.11.3","1.11.4","1.11.5","1.11.6","1.11.7","1.11.8","1.11.9","1.2.0","1.2.1","1.2.2","1.2.3","1.2.6.62716-preview","1.3.0","1.3.1","1.3.2","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.5.0","1.5.1","1.5.2","1.5.3","1.6.0","1.6.2","1.7.0","1.7.1","1.7.2","1.7.3","1.7.4","1.7.5","1.7.6","1.8.0","1.8.1","1.8.2","1.8.3","1.8.4","1.8.5"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-9f8c-f7h4-xghf/GHSA-9f8c-f7h4-xghf.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}