A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0968.

Affected Packages

NuGet Microsoft.ChakraCore

Affected versions: 0 (fixed in 1.11.18)

Related CVEs

CVE-2020-0970

Key Information

GHSA ID

GHSA-233h-59m2-qqf2

Published

May 24, 2022 5:14 PM

Last Modified

July 17, 2023 7:24 PM

CVSS Score

7.5 /10

Primary Ecosystem

NuGet

Primary Package

Microsoft.ChakraCore

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 30, 2025 6:36 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.