The vulnerability stems from improper handling of destructuring patterns in tagged template calls under eval. The patch adds (1) AutoMarkInParsingArgs scope management in ParsePostfixOperators to track the parsing context, and (2) explicit setting of the hasDestructuring flag in ParseStringTemplateDecl call nodes. These changes directly address memory corruption via stack mismanagement (CWE-787), confirming these functions' role in the vulnerability. The commit message explicitly links these changes to CVE-2018-0930 remediation.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.ChakraCore | nuget | < 1.8.2 | 1.8.2 |
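
To act on the affected range in the table, the following added example (not part of the advisory or of the ChakraCore project) checks a .csproj or packages.config for Microsoft.ChakraCore references below 1.8.2. The function names, status labels and sample manifests are assumptions made for illustration; version ranges and missing versions are reported as "review" rather than guessed.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "Microsoft.ChakraCore"  # package name from the advisory table
FIRST_PATCHED = "1.8.2"           # first patched version from the advisory table
EXACT = re.compile(r"^\d+(\.\d+){0,3}(-[0-9A-Za-z.-]+)?(\+\S+)?$")

def version_key(text):
    """Sort key: numeric parts, then release above prerelease (labels compared as plain strings)."""
    core, _, prerelease = text.split("+")[0].partition("-")
    nums = [int(p) for p in core.split(".")]
    nums += [0] * (4 - len(nums))
    return (nums, 0 if prerelease else 1, prerelease.lower())

def check_manifest(xml_text):
    """Return [(version, status)] for each reference to PACKAGE in a .csproj or packages.config."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        kind = el.tag.split("}")[-1]  # drop the MSBuild namespace of old-style projects
        if kind == "PackageReference":
            name = el.get("Include") or el.get("Update")
            version = el.get("Version") or next(
                (c.text for c in el if c.tag.split("}")[-1] == "Version"), None)
        elif kind == "package":
            name, version = el.get("id"), el.get("version")
        else:
            continue
        if (name or "").lower() != PACKAGE.lower():  # NuGet ids are case-insensitive
            continue
        version = (version or "").strip()
        if not EXACT.match(version):
            status = "review"  # range, floating or centrally managed version
        elif version_key(version) < version_key(FIRST_PATCHED):
            status = "vulnerable"
        else:
            status = "patched"
        findings.append((version, status))
    return findings

# Constructed sample manifests, not taken from any real project.
CSPROJ = """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="microsoft.chakracore" Version="1.8.1" />
  <PackageReference Include="Newtonsoft.Json" Version="9.0.1" />
</ItemGroup></Project>"""
PACKAGES_CONFIG = """<packages>
  <package id="Microsoft.ChakraCore" version="1.8.2" targetFramework="net461" />
</packages>"""
RANGE_CSPROJ = """<Project><ItemGroup><PackageReference Include="Microsoft.ChakraCore">
  <Version>[1.7.0,2.0.0)</Version></PackageReference></ItemGroup></Project>"""
if __name__ == "__main__": print([check_manifest(d) for d in (CSPROJ, PACKAGES_CONFIG, RANGE_CSPROJ)])
```

A "review" result means the resolved version has to be confirmed from the lock file or restore output, since a range can still resolve to a build below 1.8.2.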