{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12880?format=json","vulnerability_id":"VCID-3ydf-evf7-dqdk","summary":"Out-of-bounds Write\nA remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.","aliases":[{"alias":"CVE-2018-8359"},{"alias":"GHSA-38r7-rv5p-ggwq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55348?format=json","purl":"pkg:nuget/Microsoft.ChakraCore@1.10.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18bt-p9bu-7kcg"},{"vulnerability":"VCID-1d4d-6ycn-kfbg"},{"vulnerability":"VCID-1hm4-8j3z-gbe8"},{"vulnerability":"VCID-1xjh-99vu-vyf6"},{"vulnerability":"VCID-27q5-85wq-ayhx"},{"vulnerability":"VCID-2jw8-vq79-3yc4"},{"vulnerability":"VCID-2wu3-ksgd-7qcr"},{"vulnerability":"VCID-3nzr-td1q-y3em"},{"vulnerability":"VCID-431z-8875-d7fr"},{"vulnerability":"VCID-46f5-3qcs-ckcw"},{"vulnerability":"VCID-4kr2-wf77-nug4"},{"vulnerability":"VCID-4n9b-ptn2-3ugd"},{"vulnerability":"VCID-4rr8-ter6-7yaw"},{"vulnerability":"VCID-4rwm-5rju-qfex"},{"vulnerability":"VCID-54dn-25dk-c7fv"},{"vulnerability":"VCID-558y-9j3b-fyd3"},{"vulnerability":"VCID-5vs4-kke1-2qc1"},{"vulnerability":"VCID-66rk-gaz2-x7et"},{"vulnerability":"VCID-6yew-52pk-nfe9"},{"vulnerability":"VCID-6zfw-kag6-sfhq"},{"vulnerability":"VCID-7sqx-g2jn-9yds"},{"vulnerability":"VCID-7trr-1jwb-zufw"},{"vulnerability":"VCID-7xtq-66dy-bkgk"},{"vulnerability":"VCID-8jd7-9g2p-xqec"},{"vulnerability":"VCID-8raz-bd3b-mfhh"},{"vulnerability":"VCID-99dg-rm43-9qef"},{"vulnerability":"VCID-99ef-7s16-yyeq"},{"vulnerability":"VCID-9j8c-jjxf-abhd"},{"vulnerability":"VCID-9u2d-1vj5-sfbf"},{"vulnerability":"VCID-a3v3-mpys-vqas"},{"vulnerability":"VCID-agvs-vu61-c7aq"},{"vulnerability":"VCID-ahe3-4w9p-xfba"},{"vulnerability":"VCID-bety-tpzp-qbg4"},{"vulnerability":"VCID-cmad-nxc3-3ugn"},{"vulnerability":"VCID-djs1-ab5r-bbd4"},{"vulnerability":"VCID-dsy7-n3h6-rbg9"},{"vulnerability":"VCID-dx5m-ppqe-cuej"},{"vulnerability":"VCID-e1b9-bq4b-9fh7"},{"vulnerability":"VCID-ex9d-ewbz-ubb5"},{"vulnerability":"VCID-eygy-bzey-7yaq"},{"vulnerability":"VCID-fedc-anrx-ufg2"},{"vulnerability":"VCID-fj84-9g1p-vfa5"},{"vulnerability":"VCID-fr86-y4tg-9ycp"},{"vulnerability":"VCID-fxfn-jq82-n3fy"},{"vulnerability":"VCID-fzjt-qse7-kbd5"},{"vulnerability":"VCID-ggf4-u8qd-eff7"},{"vulnerability":"VCID-gu4y-gk9v-dbep"},{"vulnerability":"VCID-gyyj-1jxm-vfbu"},{"vulnerability":"VCID-hagb-nxwq-tbg3"},{"vulnerability":"VCID-hcfa-1wq4-wyga"},{"vulnerability":"VCID-hd4m-nbr1-rbd8"},{"vulnerability":"VCID-hdpy-kfn8-sbba"},{"vulnerability":"VCID-j146-jsyz-y3gj"},{"vulnerability":"VCID-j1gx-jhbn-k3gd"},{"vulnerability":"VCID-je2z-mcvk-gqhp"},{"vulnerability":"VCID-jmx4-vvk4-ykdk"},{"vulnerability":"VCID-jwms-xqgm-dydw"},{"vulnerability":"VCID-k7p1-rcdv-huga"},{"vulnerability":"VCID-keaw-uz84-9qer"},{"vulnerability":"VCID-kkru-29c6-pfdd"},{"vulnerability":"VCID-kque-3gkp-zuaa"},{"vulnerability":"VCID-m75x-ejxh-d7f8"},{"vulnerability":"VCID-mczu-b3e6-5bgb"},{"vulnerability":"VCID-mdxe-tfgf-d7g5"},{"vulnerability":"VCID-mm2r-t2rz-7ygp"},{"vulnerability":"VCID-mmba-qzvj-37df"},{"vulnerability":"VCID-mvnv-zj61-abgg"},{"vulnerability":"VCID-n78g-bzfs-hqgw"},{"vulnerability":"VCID-nc4u-h6aj-5qag"},{"vulnerability":"VCID-nct4-jbw7-4yef"},{"vulnerability":"VCID-nd4s-mcgx-s3bs"},{"vulnerability":"VCID-njsb-3b47-77hk"},{"vulnerability":"VCID-nn2u-snsx-83hq"},{"vulnerability":"VCID-nypa-dv6a-aydu"},{"vulnerability":"VCID-pusx-pa1h-yyfu"},{"vulnerability":"VCID-pxev-85t8-fug6"},{"vulnerability":"VCID-q5tf-a4s5-7qah"},{"vulnerability":"VCID-qn21-udnm-aqc6"},{"vulnerability":"VCID-qndq-e3vk-ybeu"},{"vulnerability":"VCID-r16a-n5nn-nybp"},{"vulnerability":"VCID-r7nx-huw6-2kaw"},{"vulnerability":"VCID-rffd-vnyj-puc3"},{"vulnerability":"VCID-rkns-keya-cyfj"},{"vulnerability":"VCID-rnva-ys32-7kbu"},{"vulnerability":"VCID-rxgn-xep7-fya7"},{"vulnerability":"VCID-seum-3u3s-xuhq"},{"vulnerability":"VCID-sqfw-zhmk-mkbe"},{"vulnerability":"VCID-suhe-2a7n-zbgr"},{"vulnerability":"VCID-t5b1-tsu5-1ybn"},{"vulnerability":"VCID-t8bg-6rsw-ebf8"},{"vulnerability":"VCID-t9j3-4vw9-17bf"},{"vulnerability":"VCID-tnh1-zjdq-6qhd"},{"vulnerability":"VCID-tnhg-2f5h-cfaa"},{"vulnerability":"VCID-udcs-da57-q7hs"},{"vulnerability":"VCID-ufp7-z62w-hqgq"},{"vulnerability":"VCID-vser-kewx-akh4"},{"vulnerability":"VCID-vxjj-cqyk-w3hd"},{"vulnerability":"VCID-w2kf-rnn3-huc8"},{"vulnerability":"VCID-x6wa-636e-zugv"},{"vulnerability":"VCID-xd2n-4817-ffa1"},{"vulnerability":"VCID-xkdp-evty-rubw"},{"vulnerability":"VCID-xkm6-uy8d-x3cq"},{"vulnerability":"VCID-yabf-1cc1-v7dk"},{"vulnerability":"VCID-z6hg-axpc-1qht"},{"vulnerability":"VCID-z9gb-6nky-xyha"},{"vulnerability":"VCID-za9b-6yhc-3kgy"},{"vulnerability":"VCID-zmw1-8bzs-pyae"},{"vulnerability":"VCID-zptc-hpne-x7at"},{"vulnerability":"VCID-zzr7-b7ba-8ude"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.ChakraCore@1.10.2"}],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8359","reference_id":"","reference_type":"","scores":[{"value":"0.284","scoring_system":"epss","scoring_elements":"0.96593","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8359"},{"reference_url":"https://github.com/chakra-core/ChakraCore","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chakra-core/ChakraCore"},{"reference_url":"https://github.com/chakra-core/ChakraCore/commit/f8bdb180c4e9351f441e25dc818815d0c63af753","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chakra-core/ChakraCore/commit/f8bdb180c4e9351f441e25dc818815d0c63af753"},{"reference_url":"https://github.com/chakra-core/ChakraCore/pull/5596","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chakra-core/ChakraCore/pull/5596"},{"reference_url":"https://web.archive.org/web/20210421013802/http://www.securityfocus.com/bid/104990","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210421013802/http://www.securityfocus.com/bid/104990"},{"reference_url":"https://web.archive.org/web/20211203061111/http://www.securitytracker.com/id/1041457","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211203061111/http://www.securitytracker.com/id/1041457"},{"reference_url":"http://www.securityfocus.com/bid/104990","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104990"},{"reference_url":"http://www.securitytracker.com/id/1041457","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041457"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8359","reference_id":"CVE-2018-8359","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8359"},{"reference_url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8359","reference_id":"CVE-2018-8359","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8359"},{"reference_url":"https://github.com/advisories/GHSA-38r7-rv5p-ggwq","reference_id":"GHSA-38r7-rv5p-ggwq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-38r7-rv5p-ggwq"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":787,"name":"Out-of-bounds Write","description":"The product writes data past the end, or before the beginning, of the intended buffer."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ydf-evf7-dqdk"}