17 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-8711
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg,...
CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
UBUNTU-CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711
Summary (CVE-2026-8711): NGINX JavaScript (njs) is vulnerable when the js_fetch_proxy directive uses at least one client-controlled variable (e.g., $http_, $arg_ , $cookie_*) and a location invokes ngx.fetch(). An unauthenticated remote attacker can send crafted HTTP requests that may trigger a h...
EUVD-2026-30940
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711 NGINX JavaScript vulnerability
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
CVE-2026-8711
NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...
PT-2026-41939
Name of the Vulnerable Software and Affected Versions NGINX JavaScript affected versions not specified Description An issue exists when the 'js fetch proxy' directive is configured with at least one client-controlled NGINX variable, such as $http , $arg , or $cookie , and a location invokes the...
CVE-2020-19692
Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njsmoduleread in the njsmodule.c file...
NGINX JavaScript 安全漏洞
NGINX JavaScript is an extension to the NGINX open source. A security vulnerability exists in NGINX JavaScript version 0.7.4, which stems from a segmentation violation in the njspromisereactionjob function...
NGINX JavaScript 缓冲区错误漏洞
NGINX JavaScript is an extension to the NGINX open source. A buffer error vulnerability exists in NGINX JavaScript versions 0.7.2 through 0.7.4, which stems from a segmentation violation in the njsscopevalidvalue function in njsscope.h. The vulnerability is caused by the use of the...
CVE-2022-34030
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njsdjbhash at src/njsdjbhash.c...
CVE-2022-34029
Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njsscopevalue at njsscope.h...
Nginx 安全漏洞
Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from Nginx Inc. in the United States. njs is one of the scripting language components that supports extended NGINX functionality. A security vulnerability exists in Nginx NJS version v0.7.5, which stems from...
NGINX JavaScript 缓冲区错误漏洞
NGINX JavaScript is an extension to the NGINX open source. A buffer error vulnerability exists in NGINX JavaScript version v0.7.3, which stems from a stack overflow in function njsdefaultmoduleloader in /src/njs/src/njsmodule.c. The vulnerability is caused by a stack overflow in function...