CVE-2017-0208
ChakraCore information disclosure vulnerability
4.3
MEDIUM
CVSS 3.1
EPSS 14.9%
Description
An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability."
How to fix CVE-2017-0208
To remediate CVE-2017-0208, upgrade the affected package to a fixed version below.
- —upgrade to 1.4.3 or later
Is CVE-2017-0208 being exploited?
Moderate — EPSS is 14.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.4.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |