Home > Vulnerability Database > CVE-2020-0813

Mend.io Vulnerability Database

CVE-2020-0813

Good to know:

Date: March 12, 2020

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the userâ€™s computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'.

Language: JS

Severity Score

7.5

Related Resources (6)

Url: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0813

Url: https://github.com/chakra-core/ChakraCore

Url: https://github.com/chakra-core/ChakraCore/pull/6385

Url: https://github.com/chakra-core/ChakraCore/pull/6385/commits/e6abd1d110442e6357351c23a7f882f83e4bbe4d

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-0813

Url: https://www.mend.io/vulnerability-database/CVE-2020-0813

Severity Score

7.5

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version Microsoft.ChakraCore - 1.11.17

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-0813

Good to know:

Date: March 12, 2020

Language: JS

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?