-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe GitHub patch explicitly adds 'globOpt->CaptureByteCodeSymUses(instr);' in the Optimize function when handling IsIn operations. The commit message states this fixes a type confusion caused by missing BytecodeUses tracking. The vulnerability manifests in JIT optimization logic where improper symbol tracking leads to unsafe memory access patterns (CWE-787). The direct correlation between the patch and the CWE classification confirms this function's role.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.ChakraCore | nuget | < 1.11.2 | 1.11.2 |