CVE-2023-4762 (High) detected in v88.3.47 - autoclosed

[mend-bolt-for-github[bot]]

CVE-2023-4762 - High Severity Vulnerability

Vulnerable Library - v88.3.47

The official mirror of the V8 Git repository

Library home page: https://github.com/v8/v8.git

Found in HEAD commit: fce8f85f1c2f070c8e6a8e76d17210a2117d3833

Found in base branch: main

Vulnerable Source Files (2)

/3rdParty/V8/v7.9.317/src/compiler/js-native-context-specialization.cc /3rdParty/V8/v7.9.317/src/compiler/js-native-context-specialization.cc

Vulnerability Details

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Publish Date: 2023-09-05

URL: CVE-2023-4762

CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://crbug.com/1473247

Release Date: 2023-09-05

Fix Resolution: v8-11.8.128

---

Step up your Open Source Security Game with Mend here

[mend-bolt-for-github[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[mend-bolt-for-github[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

[mend-bolt-for-github[bot]]

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.