Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka "Scripting Engine Security Feature Bypass".

Affected Packages

NuGet Microsoft.ChakraCore

Affected versions: 0 (fixed in 1.8.0)

Related CVEs

CVE-2018-0818

Key Information

GHSA ID

GHSA-fv8m-p45w-gf38

Published

May 13, 2022 1:48 AM

Last Modified

October 6, 2023 1:41 AM

CVSS Score

7.5 /10

Primary Ecosystem

NuGet

Primary Package

Microsoft.ChakraCore

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 17, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.