Vulnerabilities
Vulnerable Software
F5:  >> Njs  Security Vulnerabilities
Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release
CVSS Score
9.8
EPSS Score
0.017
Published
2022-05-25
Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c.
CVSS Score
7.5
EPSS Score
0.011
Published
2022-05-12
NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.
CVSS Score
5.5
EPSS Score
0.008
Published
2022-04-15
nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().
CVSS Score
9.8
EPSS Score
0.016
Published
2022-04-14
nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.
CVSS Score
7.5
EPSS Score
0.017
Published
2022-04-14
njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.
CVSS Score
9.8
EPSS Score
0.016
Published
2022-02-14
njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.
CVSS Score
7.5
EPSS Score
0.017
Published
2022-02-14
njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().
CVSS Score
9.8
EPSS Score
0.016
Published
2022-02-14
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
CVSS Score
5.5
EPSS Score
0.004
Published
2020-08-13
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
CVSS Score
5.5
EPSS Score
0.005
Published
2020-08-13


Contact Us

Shodan ® - All rights reserved