7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-42279

GHSA ID

GHSA-jgrp-6qqq-3284

EPSS Score

0.86688%

CWE

CWE-787

Published

5/24/2022

Updated

1/28/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-42279

CVE-2021-42279: Chakra Scripting Engine and ChakraCore Vulnerable to Memory Corruption

Chakra Scripting Engine and ChakraCore are vulnerable to memory corruption due to an out-of-bounds write. The Microsoft advisory for CVE-2021-42279 was modified in August 2022 to include Microsoft.ChakraCore as an affected product.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-42279

GHSA ID

GHSA-jgrp-6qqq-3284

EPSS Score

0.86688%

CWE

CWE-787

Published

5/24/2022

Updated

1/28/2023

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
Microsoft.ChakraCore	nuget	<= 1.11.24

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

***kr* S*riptin* *n*in* *n* ***kr**or* *r* vuln*r**l* to m*mory *orruption *u* to *n out-o*-*oun*s writ*. T** Mi*roso*t **visory *or *V*-****-***** w*s mo*i*i** in *u*ust **** to in*lu** Mi*roso*t.***kr**or* *s *n *****t** pro*u*t.

Reasoning

No *n*lysis *v*il**l*

7.5

Basic Information

Concerned about an active attack path?

CVE-2021-42279: Chakra Scripting Engine and ChakraCore Vulnerable to Memory Corruption

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI