7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-0813

GHSA ID

GHSA-vvvh-5xrm-pxff

EPSS Score

0.92809%

CWE

Published

5/24/2022

Updated

7/12/2023

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-0813

CVE-2020-0813: ChakraCore information disclosure vulnerability

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2020-0813

CVE-2020-0813:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-0813

GHSA ID

GHSA-vvvh-5xrm-pxff

EPSS Score

0.92809%

CWE

Published

5/24/2022

Updated

7/12/2023

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
Microsoft.ChakraCore	nuget	< 1.11.17	1.11.17

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The commit diff shows critical changes in how EvalMapString keys are handled in AddToEvalMapHelper. The vulnerability description specifically mentions improper memory handling of objects, and the fix introduced a copy operation for external buffers. The pre-patch code lacked ownership tracking (evident from the added 'owningVar' field) and could store transient buffers, making ScriptContext::AddToEvalMapHelper the primary vulnerable function.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2020-0813: ChakraCore information disclosure vulnerability

CVE-2020-0813:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

7.5

7.5

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2020-0813: ChakraCore information disclosure vulnerability

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI