CVE-2017-11767: Improper Restriction of Operations within the Bounds of a Memory Buffer

November 2, 2017 (updated October 3, 2019)

ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”.

References

www.securityfocus.com/bid/100838
www.securitytracker.com/id/1039369
nvd.nist.gov/vuln/detail/CVE-2017-11767
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767

Detect and mitigate CVE-2017-11767 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →