Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Njs Security Vulnerabilities - CVSS Score 9 - 10

cve
cve

CVE-2019-11838

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling.

9.8CVSS

9.6AI Score

0.004EPSS

2019-05-09 02:29 PM
31
cve
cve

CVE-2019-11839

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling.

9.8CVSS

9.6AI Score

0.004EPSS

2019-05-09 02:29 PM
37
cve
cve

CVE-2019-12206

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.

9.8CVSS

9.6AI Score

0.005EPSS

2019-05-20 02:29 PM
46
cve
cve

CVE-2019-12207

njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.

9.8CVSS

9.3AI Score

0.007EPSS

2019-05-20 02:29 PM
36
4
cve
cve

CVE-2019-12208

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.

9.8CVSS

9.6AI Score

0.005EPSS

2019-05-20 02:29 PM
41
cve
cve

CVE-2019-13067

njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place.

9.8CVSS

9.4AI Score

0.007EPSS

2019-06-30 12:15 AM
54
4
cve
cve

CVE-2021-46463

njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().

9.8CVSS

9.4AI Score

0.004EPSS

2022-02-14 10:15 PM
126
cve
cve

CVE-2022-25139

njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.

9.8CVSS

9.5AI Score

0.004EPSS

2022-02-14 10:15 PM
166
cve
cve

CVE-2022-27007

nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().

9.8CVSS

9.3AI Score

0.003EPSS

2022-04-14 03:15 PM
62
2
cve
cve

CVE-2022-29379

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 relea...

9.8CVSS

9.7AI Score

0.003EPSS

2022-05-25 01:15 PM
47
9
cve
cve

CVE-2022-34029

Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.

9.1CVSS

9.1AI Score

0.002EPSS

2022-07-18 09:15 PM
60
7
cve
cve

CVE-2022-43286

Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.

9.8CVSS

9.4AI Score

0.002EPSS

2022-10-28 09:15 PM
39
2