-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe patch specifically modifies GenerateFastElemIStringIndexCommon by reordering the InsertBranch call after InsertObjectPoison. This indicates the vulnerability stemmed from executing control flow (Br to propStrLoadedLabel) before properly validating/poisoning the PropertyString object. The CWE-787 (out-of-bounds write) classification and commit message referencing 'speculative type confusion' align with this pattern - improper type validation before memory operations could allow writing to incorrect memory locations.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.ChakraCore | nuget | < 1.8.4 | 1.8.4 |