32 matches found
[SECURITY] Fedora 44 Update: nginx-mod-js-challenge-0^20230517.gitda6852d-8.fc44
Simple JavaScript proof-of-work based access for Nginx with virtually no over head...
Linux Distros Unpatched Vulnerability : CVE-2026-8711
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg,...
DEBIAN-CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
UBUNTU-CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711
Summary (CVE-2026-8711): NGINX JavaScript (njs) is vulnerable when the js_fetch_proxy directive uses at least one client-controlled variable (e.g., $http_, $arg_ , $cookie_*) and a location invokes ngx.fetch(). An unauthenticated remote attacker can send crafted HTTP requests that may trigger a h...
CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711 NGINX JavaScript vulnerability
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
EUVD-2026-30940
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711 NGINX JavaScript vulnerability
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
NGINX JavaScript 安全漏洞
NGINX JavaScript is an extension developed by NGINX as open source. There is a security vulnerability in NGINX JavaScript. This vulnerability arises when configuring NGINX variables controlled by the jsFetchProxy directive, which may lead to a heap buffer overflow, resulting in the restart of the...
PT-2026-41939
Name of the Vulnerable Software and Affected Versions NGINX JavaScript affected versions not specified Description A heap buffer overflow occurs when the js fetch proxy directive is configured with at least one client-controlled NGINX variable such as $http , $arg , or $cookie and a location...
[SECURITY] Fedora 44 Update: nginx-mod-js-challenge-0^20230517.gitda6852d-7.fc44
Simple JavaScript proof-of-work based access for Nginx with virtually no over head...
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.
...
CVE-2020-19692
Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njsmoduleread in the njsmodule.c file...
AZL-26030 CVE-2020-19692 affecting package nginx for versions less than 1.22.1-11
Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njsmoduleread in the njsmodule.c file...
CVE-2022-43284
Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njsscopevalidvalue at njsscope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input...
NGINX JavaScript 缓冲区错误漏洞
NGINX JavaScript is an extension to the NGINX open source. A buffer error vulnerability exists in NGINX JavaScript versions 0.7.2 through 0.7.4, which stems from a segmentation violation in the njsscopevalidvalue function in njsscope.h. The vulnerability is caused by the use of the...