CVE-2017-11874: Code Injection
(updated )
Microsoft Edge in Microsoft Windows, Windows Server, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka “Microsoft Edge Security Feature Bypass Vulnerability”. This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872.
References
Detect and mitigate CVE-2017-11874 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →