CVE-2020-17048

Description

Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is unique from CVE-2020-17054.

How to fix CVE-2020-17048

To remediate CVE-2020-17048, upgrade the affected package to a fixed version below.

• NuGet/Microsoft.ChakraCore—upgrade to 1.11.23 or later

Is CVE-2020-17048 being exploited?

Low — EPSS is 2.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.11.23

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2020-17048
• WEBgithub.com/chakra-core/ChakraCore/pull/6528
• WEBgithub.com/chakra-core/ChakraCore/pull/6528/commits/90e222e9a9ba64bd808666f44e6a0913d6318f78
• WEBportal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17048