Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/12880?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12880?format=api", "vulnerability_id": "VCID-3ydf-evf7-dqdk", "summary": "Out-of-bounds Write\nA remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.", "aliases": [ { "alias": "CVE-2018-8359" }, { "alias": "GHSA-38r7-rv5p-ggwq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55348?format=api", "purl": "pkg:nuget/Microsoft.ChakraCore@1.10.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18bt-p9bu-7kcg" }, { "vulnerability": "VCID-1d4d-6ycn-kfbg" }, { "vulnerability": "VCID-1hm4-8j3z-gbe8" }, { "vulnerability": "VCID-1xjh-99vu-vyf6" }, { "vulnerability": "VCID-27q5-85wq-ayhx" }, { "vulnerability": "VCID-2jw8-vq79-3yc4" }, { "vulnerability": "VCID-2wu3-ksgd-7qcr" }, { "vulnerability": "VCID-3nzr-td1q-y3em" }, { "vulnerability": "VCID-431z-8875-d7fr" }, { "vulnerability": "VCID-46f5-3qcs-ckcw" }, { "vulnerability": "VCID-4kr2-wf77-nug4" }, { "vulnerability": "VCID-4n9b-ptn2-3ugd" }, { "vulnerability": "VCID-4rr8-ter6-7yaw" }, { "vulnerability": "VCID-4rwm-5rju-qfex" }, { "vulnerability": "VCID-54dn-25dk-c7fv" }, { "vulnerability": "VCID-558y-9j3b-fyd3" }, { "vulnerability": "VCID-5vs4-kke1-2qc1" }, { "vulnerability": "VCID-66rk-gaz2-x7et" }, { "vulnerability": "VCID-6yew-52pk-nfe9" }, { "vulnerability": "VCID-6zfw-kag6-sfhq" }, { "vulnerability": "VCID-7sqx-g2jn-9yds" }, { "vulnerability": "VCID-7trr-1jwb-zufw" }, { "vulnerability": "VCID-7xtq-66dy-bkgk" }, { "vulnerability": "VCID-8jd7-9g2p-xqec" }, { "vulnerability": "VCID-8raz-bd3b-mfhh" }, { "vulnerability": "VCID-99dg-rm43-9qef" }, { "vulnerability": "VCID-99ef-7s16-yyeq" }, { "vulnerability": "VCID-9j8c-jjxf-abhd" }, { "vulnerability": "VCID-9u2d-1vj5-sfbf" }, { "vulnerability": "VCID-a3v3-mpys-vqas" }, { "vulnerability": "VCID-agvs-vu61-c7aq" }, { "vulnerability": "VCID-ahe3-4w9p-xfba" }, { "vulnerability": "VCID-bety-tpzp-qbg4" }, { "vulnerability": "VCID-cmad-nxc3-3ugn" }, { "vulnerability": "VCID-djs1-ab5r-bbd4" }, { "vulnerability": "VCID-dsy7-n3h6-rbg9" }, { "vulnerability": "VCID-dx5m-ppqe-cuej" }, { "vulnerability": "VCID-e1b9-bq4b-9fh7" }, { "vulnerability": "VCID-ex9d-ewbz-ubb5" }, { "vulnerability": "VCID-eygy-bzey-7yaq" }, { "vulnerability": "VCID-fedc-anrx-ufg2" }, { "vulnerability": "VCID-fj84-9g1p-vfa5" }, { "vulnerability": "VCID-fr86-y4tg-9ycp" }, { "vulnerability": "VCID-fxfn-jq82-n3fy" }, { "vulnerability": "VCID-fzjt-qse7-kbd5" }, { "vulnerability": "VCID-ggf4-u8qd-eff7" }, { "vulnerability": "VCID-gu4y-gk9v-dbep" }, { "vulnerability": "VCID-gyyj-1jxm-vfbu" }, { "vulnerability": "VCID-hagb-nxwq-tbg3" }, { "vulnerability": "VCID-hcfa-1wq4-wyga" }, { "vulnerability": "VCID-hd4m-nbr1-rbd8" }, { "vulnerability": "VCID-hdpy-kfn8-sbba" }, { "vulnerability": "VCID-j146-jsyz-y3gj" }, { "vulnerability": "VCID-j1gx-jhbn-k3gd" }, { "vulnerability": "VCID-je2z-mcvk-gqhp" }, { "vulnerability": "VCID-jmx4-vvk4-ykdk" }, { "vulnerability": "VCID-jwms-xqgm-dydw" }, { "vulnerability": "VCID-k7p1-rcdv-huga" }, { "vulnerability": "VCID-keaw-uz84-9qer" }, { "vulnerability": "VCID-kkru-29c6-pfdd" }, { "vulnerability": "VCID-kque-3gkp-zuaa" }, { "vulnerability": "VCID-m75x-ejxh-d7f8" }, { "vulnerability": "VCID-mczu-b3e6-5bgb" }, { "vulnerability": "VCID-mdxe-tfgf-d7g5" }, { "vulnerability": "VCID-mm2r-t2rz-7ygp" }, { "vulnerability": "VCID-mmba-qzvj-37df" }, { "vulnerability": "VCID-mvnv-zj61-abgg" }, { "vulnerability": "VCID-n78g-bzfs-hqgw" }, { "vulnerability": "VCID-nc4u-h6aj-5qag" }, { "vulnerability": "VCID-nct4-jbw7-4yef" }, { "vulnerability": "VCID-nd4s-mcgx-s3bs" }, { "vulnerability": "VCID-njsb-3b47-77hk" }, { "vulnerability": "VCID-nn2u-snsx-83hq" }, { "vulnerability": "VCID-nypa-dv6a-aydu" }, { "vulnerability": "VCID-pusx-pa1h-yyfu" }, { "vulnerability": "VCID-pxev-85t8-fug6" }, { "vulnerability": "VCID-q5tf-a4s5-7qah" }, { "vulnerability": "VCID-qn21-udnm-aqc6" }, { "vulnerability": "VCID-qndq-e3vk-ybeu" }, { "vulnerability": "VCID-r16a-n5nn-nybp" }, { "vulnerability": "VCID-r7nx-huw6-2kaw" }, { "vulnerability": "VCID-rffd-vnyj-puc3" }, { "vulnerability": "VCID-rkns-keya-cyfj" }, { "vulnerability": "VCID-rnva-ys32-7kbu" }, { "vulnerability": "VCID-rxgn-xep7-fya7" }, { "vulnerability": "VCID-seum-3u3s-xuhq" }, { "vulnerability": "VCID-sqfw-zhmk-mkbe" }, { "vulnerability": "VCID-suhe-2a7n-zbgr" }, { "vulnerability": "VCID-t5b1-tsu5-1ybn" }, { "vulnerability": "VCID-t8bg-6rsw-ebf8" }, { "vulnerability": "VCID-t9j3-4vw9-17bf" }, { "vulnerability": "VCID-tnh1-zjdq-6qhd" }, { "vulnerability": "VCID-tnhg-2f5h-cfaa" }, { "vulnerability": "VCID-udcs-da57-q7hs" }, { "vulnerability": "VCID-ufp7-z62w-hqgq" }, { "vulnerability": "VCID-vser-kewx-akh4" }, { "vulnerability": "VCID-vxjj-cqyk-w3hd" }, { "vulnerability": "VCID-w2kf-rnn3-huc8" }, { "vulnerability": "VCID-x6wa-636e-zugv" }, { "vulnerability": "VCID-xd2n-4817-ffa1" }, { "vulnerability": "VCID-xkdp-evty-rubw" }, { "vulnerability": "VCID-xkm6-uy8d-x3cq" }, { "vulnerability": "VCID-yabf-1cc1-v7dk" }, { "vulnerability": "VCID-z6hg-axpc-1qht" }, { "vulnerability": "VCID-z9gb-6nky-xyha" }, { "vulnerability": "VCID-za9b-6yhc-3kgy" }, { "vulnerability": "VCID-zmw1-8bzs-pyae" }, { "vulnerability": "VCID-zptc-hpne-x7at" }, { "vulnerability": "VCID-zzr7-b7ba-8ude" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.ChakraCore@1.10.2" } ], "affected_packages": [], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8359", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.284", "scoring_system": "epss", "scoring_elements": "0.96593", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8359" }, { "reference_url": "https://github.com/chakra-core/ChakraCore", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/chakra-core/ChakraCore" }, { "reference_url": "https://github.com/chakra-core/ChakraCore/commit/f8bdb180c4e9351f441e25dc818815d0c63af753", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/chakra-core/ChakraCore/commit/f8bdb180c4e9351f441e25dc818815d0c63af753" }, { "reference_url": "https://github.com/chakra-core/ChakraCore/pull/5596", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/chakra-core/ChakraCore/pull/5596" }, { "reference_url": "https://web.archive.org/web/20210421013802/http://www.securityfocus.com/bid/104990", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210421013802/http://www.securityfocus.com/bid/104990" }, { "reference_url": "https://web.archive.org/web/20211203061111/http://www.securitytracker.com/id/1041457", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20211203061111/http://www.securitytracker.com/id/1041457" }, { "reference_url": "http://www.securityfocus.com/bid/104990", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104990" }, { "reference_url": "http://www.securitytracker.com/id/1041457", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041457" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8359", "reference_id": "CVE-2018-8359", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8359" }, { "reference_url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8359", "reference_id": "CVE-2018-8359", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8359" }, { "reference_url": "https://github.com/advisories/GHSA-38r7-rv5p-ggwq", "reference_id": "GHSA-38r7-rv5p-ggwq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-38r7-rv5p-ggwq" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 787, "name": "Out-of-bounds Write", "description": "The product writes data past the end, or before the beginning, of the intended buffer." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ydf-evf7-dqdk" }