CVE-2017-0208: Exposure of Sensitive Information to an Unauthorized Actor
(updated )
An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system, a.k.a. “Scripting Engine Information Disclosure Vulnerability.”
References
- github.com/advisories/GHSA-pjpr-2qqp-gprf
- github.com/chakra-core/ChakraCore/commit/54d6d085987e2c399863940179db67b594d7f0a3
- github.com/chakra-core/ChakraCore/pull/2834
- nvd.nist.gov/vuln/detail/CVE-2017-0208
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0208
- web.archive.org/web/20210124023848/http://www.securityfocus.com/bid/97460
- web.archive.org/web/20211201121401/http://www.securitytracker.com/id/1038234
Code Behaviors & Features
Detect and mitigate CVE-2017-0208 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →