Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-cy9w-cuk8-73bk
Summary
Out-of-bounds Write
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0861, and CVE-2018-0866.
Aliases
0
alias CVE-2018-0860
1
alias GHSA-v3xp-3wpq-rvhp
Fixed_packages
0
url pkg:nuget/Microsoft.ChakraCore@1.8.1
purl pkg:nuget/Microsoft.ChakraCore@1.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18bt-p9bu-7kcg
1
vulnerability VCID-1d4d-6ycn-kfbg
2
vulnerability VCID-1fvy-afaq-7ffz
3
vulnerability VCID-1hm4-8j3z-gbe8
4
vulnerability VCID-1txb-sjay-ukfb
5
vulnerability VCID-1xjh-99vu-vyf6
6
vulnerability VCID-27q5-85wq-ayhx
7
vulnerability VCID-2jw8-vq79-3yc4
8
vulnerability VCID-2ry8-tv1k-pyb3
9
vulnerability VCID-3r3s-nrc8-sbe6
10
vulnerability VCID-431z-8875-d7fr
11
vulnerability VCID-46f5-3qcs-ckcw
12
vulnerability VCID-4kr2-wf77-nug4
13
vulnerability VCID-4n9b-ptn2-3ugd
14
vulnerability VCID-4rr8-ter6-7yaw
15
vulnerability VCID-523x-9n5w-rqc2
16
vulnerability VCID-54xz-xw4u-xqh9
17
vulnerability VCID-558y-9j3b-fyd3
18
vulnerability VCID-66rk-gaz2-x7et
19
vulnerability VCID-6yew-52pk-nfe9
20
vulnerability VCID-6zfw-kag6-sfhq
21
vulnerability VCID-7sqx-g2jn-9yds
22
vulnerability VCID-7trr-1jwb-zufw
23
vulnerability VCID-7z5t-cth2-ybe1
24
vulnerability VCID-8jd7-9g2p-xqec
25
vulnerability VCID-8jqz-9eaj-mfaj
26
vulnerability VCID-99dg-rm43-9qef
27
vulnerability VCID-9u2d-1vj5-sfbf
28
vulnerability VCID-9v8t-kbf9-yye5
29
vulnerability VCID-ahe3-4w9p-xfba
30
vulnerability VCID-btua-a1pr-mbbe
31
vulnerability VCID-cmad-nxc3-3ugn
32
vulnerability VCID-dc3y-6mb9-6fe1
33
vulnerability VCID-dcer-1uh1-a7h9
34
vulnerability VCID-e1b9-bq4b-9fh7
35
vulnerability VCID-eygy-bzey-7yaq
36
vulnerability VCID-f8m6-a9a9-juhw
37
vulnerability VCID-fedc-anrx-ufg2
38
vulnerability VCID-fj84-9g1p-vfa5
39
vulnerability VCID-fxfn-jq82-n3fy
40
vulnerability VCID-fzjt-qse7-kbd5
41
vulnerability VCID-ggf4-u8qd-eff7
42
vulnerability VCID-gyyj-1jxm-vfbu
43
vulnerability VCID-hagb-nxwq-tbg3
44
vulnerability VCID-hbcj-83rp-jbd4
45
vulnerability VCID-hcfa-1wq4-wyga
46
vulnerability VCID-hdpy-kfn8-sbba
47
vulnerability VCID-je2z-mcvk-gqhp
48
vulnerability VCID-jmx4-vvk4-ykdk
49
vulnerability VCID-keaw-uz84-9qer
50
vulnerability VCID-mczu-b3e6-5bgb
51
vulnerability VCID-me7g-49jk-63c2
52
vulnerability VCID-mksq-kg9m-uqdz
53
vulnerability VCID-mm2r-t2rz-7ygp
54
vulnerability VCID-mmba-qzvj-37df
55
vulnerability VCID-mnd4-84rp-mbb4
56
vulnerability VCID-nd4s-mcgx-s3bs
57
vulnerability VCID-njsb-3b47-77hk
58
vulnerability VCID-nn2u-snsx-83hq
59
vulnerability VCID-nypa-dv6a-aydu
60
vulnerability VCID-nyyv-c55j-pyea
61
vulnerability VCID-pusx-pa1h-yyfu
62
vulnerability VCID-pxev-85t8-fug6
63
vulnerability VCID-qgsm-c5dq-bfb8
64
vulnerability VCID-qndq-e3vk-ybeu
65
vulnerability VCID-r16a-n5nn-nybp
66
vulnerability VCID-rffd-vnyj-puc3
67
vulnerability VCID-rkns-keya-cyfj
68
vulnerability VCID-rnva-ys32-7kbu
69
vulnerability VCID-rxgn-xep7-fya7
70
vulnerability VCID-saxs-fd9n-cyem
71
vulnerability VCID-shdw-sqhu-v3aa
72
vulnerability VCID-sqfw-zhmk-mkbe
73
vulnerability VCID-t8bg-6rsw-ebf8
74
vulnerability VCID-tnh1-zjdq-6qhd
75
vulnerability VCID-tnhg-2f5h-cfaa
76
vulnerability VCID-udcs-da57-q7hs
77
vulnerability VCID-uwda-x8ud-b7ht
78
vulnerability VCID-v4er-vyja-qffa
79
vulnerability VCID-vk99-umu1-2bag
80
vulnerability VCID-vser-kewx-akh4
81
vulnerability VCID-vxjj-cqyk-w3hd
82
vulnerability VCID-w2kf-rnn3-huc8
83
vulnerability VCID-wjjc-1wyd-87fp
84
vulnerability VCID-x6wa-636e-zugv
85
vulnerability VCID-xcd3-cznv-xuc8
86
vulnerability VCID-xkm6-uy8d-x3cq
87
vulnerability VCID-yabf-1cc1-v7dk
88
vulnerability VCID-yc6q-h53h-9khy
89
vulnerability VCID-z6hg-axpc-1qht
90
vulnerability VCID-z6nc-29bh-77h9
91
vulnerability VCID-zptc-hpne-x7at
92
vulnerability VCID-zqb9-5v29-xbc6
resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.ChakraCore@1.8.1
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-0860
reference_id
reference_type
scores
0
value 0.79299
scoring_system epss
scoring_elements 0.99095
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-0860
1
reference_url https://github.com/chakra-core/ChakraCore
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/chakra-core/ChakraCore
2
reference_url https://github.com/chakra-core/ChakraCore/commit/9dac38fa6a6273f4cd57234d3caf4c7033e527bc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/chakra-core/ChakraCore/commit/9dac38fa6a6273f4cd57234d3caf4c7033e527bc
3
reference_url https://web.archive.org/web/20210124135855/http://www.securityfocus.com/bid/102883
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210124135855/http://www.securityfocus.com/bid/102883
4
reference_url https://web.archive.org/web/20210922050621/http://www.securitytracker.com/id/1040372
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210922050621/http://www.securitytracker.com/id/1040372
5
reference_url https://www.exploit-db.com/exploits/44076
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/44076
6
reference_url https://www.exploit-db.com/exploits/44076/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/44076/
7
reference_url https://bugs.chromium.org/p/project-zero/issues/detail?id=1437&desc=3
reference_id CVE-2018-0860
reference_type exploit
scores
url https://bugs.chromium.org/p/project-zero/issues/detail?id=1437&desc=3
8
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/44076.js
reference_id CVE-2018-0860
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/44076.js
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-0860
reference_id CVE-2018-0860
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-0860
10
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0860
reference_id CVE-2018-0860
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0860
11
reference_url https://github.com/advisories/GHSA-v3xp-3wpq-rvhp
reference_id GHSA-v3xp-3wpq-rvhp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v3xp-3wpq-rvhp
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 78
name Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
2
cwe_id 787
name Out-of-bounds Write
description The product writes data past the end, or before the beginning, of the intended buffer.
3
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
0
date_added 2018-02-15
description Microsoft Edge Chakra JIT - Memory Corruption
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2018-02-15
exploit_type dos
platform windows
source_date_updated 2018-02-15
data_source Exploit-DB
source_url https://bugs.chromium.org/p/project-zero/issues/detail?id=1437&desc=3
Severity_range_score7.0 - 8.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-cy9w-cuk8-73bk