CVE-2019-0658 — Sensitive Information Exposure in Microsoft Chakracore

5 documents5 sources

Severity

6.5MEDIUMNVD

CNA4.3

EPSS

27.8%

top 3.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Chakracore Microsoft Edge

Timeline

PublishedMar 5

Latest updateMay 13

Description

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0648.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5microsoft/microsoft_edge12 versions+11

▶NVDmicrosoft/chakracore< 1.11.6

▶CVEListV5microsoft/chakracoreunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-w6qv-p5wm-6hvv: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting↗2022-05-13

▶

GHSA

ChakraCore information disclosure vulnerability↗2022-05-13

▶

CVEList

CVE-2019-0658: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting↗2019-03-06

▶

📋Vendor Advisories

Microsoft

Scripting Engine Information Disclosure Vulnerability↗2019-02-12

▶