CVE-2017-8659
ChakraCore information disclosure vulnerability
4.3
MEDIUM
CVSS 3.1
EPSS 14.6%
Description
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".
How to fix CVE-2017-8659
To remediate CVE-2017-8659, upgrade the affected package to a fixed version below.
- —upgrade to 1.6.1 or later
Is CVE-2017-8659 being exploited?
Moderate — EPSS is 14.6%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.6.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |