CVE-2022-43284

Nginx NJS versions 0.7.2–0.7.4 have a segmentation violation in njs_scope_valid_value (njs_scope.h). Redundant vendor dispute notes that NJS does not operate on untrusted input. Potential impact is unspecified in detail in the sources, but PT-2022-5321 mentions a possible denial of service via th...

NGINX JavaScript 缓冲区错误漏洞

NGINX JavaScript is an extension to the NGINX open source. A buffer error vulnerability exists in NGINX JavaScript versions 0.7.2 through 0.7.4, which stems from a segmentation violation in the njsscopevalidvalue function in njsscope.h. The vulnerability is caused by the use of the...