CVE-2018-8315 — ChakraCore information disclosure vulnerability

Description

An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10.

How to fix CVE-2018-8315

To remediate CVE-2018-8315, upgrade the affected package to a fixed version below.

—upgrade to 1.11.1 or later

Is CVE-2018-8315 being exploited?

Low — EPSS is 4.9%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1.11.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.2	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

References (7)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-8315
PATCHgithub.com/chakra-core/ChakraCore
WEBgithub.com/chakra-core/ChakraCore/commit/e03b3e30160ac5846b246931634962ce6bd1db83
WEBgithub.com/chakra-core/ChakraCore/pull/5688