ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.

Affected Packages

NuGet Microsoft.ChakraCore

Affected versions: 0 (fixed in 1.8.1)

Related CVEs

CVE-2018-0858

Key Information

GHSA ID

GHSA-7gjv-9m33-chg8

Published

May 13, 2022 1:18 AM

Last Modified

October 6, 2023 1:01 AM

CVSS Score

7.5 /10

Primary Ecosystem

NuGet

Primary Package

Microsoft.ChakraCore

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 17, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.