CVE-2017-8659: Exposure of Sensitive Information to an Unauthorized Actor
(updated )
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user’s system due to the Chakra scripting engine not properly handling objects in memory, aka “Scripting Engine Information Disclosure Vulnerability”.
References
- github.com/advisories/GHSA-h6m7-jphx-f9p5
- github.com/chakra-core/ChakraCore/commit/2500e1cdc12cb35af73d5c8c9b85656aba6bab4d
- github.com/chakra-core/ChakraCore/pull/3509
- nvd.nist.gov/vuln/detail/CVE-2017-8659
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8659
- web.archive.org/web/20210612224703/http://www.securityfocus.com/bid/100029
- web.archive.org/web/20211127144809/http://www.securitytracker.com/id/1039095
Code Behaviors & Features
Detect and mitigate CVE-2017-8659 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →