Lucene search
K

40 matches found

CVE
CVE
added 2022/02/14 9:47 p.m.198 views

CVE-2022-25139

CVE-2022-25139 affects njs up to version 0.7.0 (used in NGINX). The issue is a heap use-after-free in njs_await_fulfilled. CVSS metrics indicate High/CRITICAL impact across confidentiality, integrity, and availability (BASE scores: 7.5/9.8). The connected documents confirm the vulnerable componen...

9.8CVSS9.5AI score0.01616EPSS
CVE
CVE
added 2023/04/04 12:0 a.m.197 views

CVE-2020-19695

CVE-2020-19695 affects Nginx NJS (njs/njs_vm.c) with a buffer overflow in the njs_object_property handling, enabling a remote attacker to execute arbitrary code. Impact is high (network vector, no user interaction), with affected Nginx NJS builds prior to a patched release. Red Hat/Mariner notes ...

9.8CVSS9.7AI score0.01333EPSS
CVE
CVE
added 2022/02/14 9:47 p.m.160 views

CVE-2021-46463

CVE-2021-46463: In njs (used in NGINX) up to version 0.7.1, a Type Confusion in njs_promise_perform_then() enables control-flow hijack. NVD lists high/critical scores (CVSS v3.1: 9.8) with network attacker, no user interaction. Affected: njs within NGINX. Remediation/fix not specified in the prov...

9.8CVSS9.4AI score0.01663EPSS
CVE
CVE
added 2019/07/16 4:7 p.m.150 views

CVE-2019-13617

CVE-2019-13617 affects njs up to 0.3.3 used in NGINX. The vulnerability is a heap-based buffer over-read in nxt_vsprintf (nxt/nxt_sprintf.c) during error handling, demonstrated by an njs_regexp_literal path that triggers njs_parser_lexer_error and then njs_parser_scope_error. Impact described as ...

6.5CVSS6.7AI score0.01305EPSS
CVE
CVE
added 2022/02/14 9:47 p.m.125 views

CVE-2021-46462

CVE-2021-46462 affects njs (the scripting language used in NGINX). The issue is a segmentation fault in njs_object_set_prototype (file /src/njs_object.c) when using njs through version up to 0.7.1. The vulnerability is documented across multiple feeds (NVD, OSV, OSV Alpine, etc.) with the core de...

7.5CVSS7.5AI score0.01677EPSS
CVE
CVE
added 2022/07/18 8:14 p.m.96 views

CVE-2022-34031

CVE-2022-34031 affects Nginx NJS v0.7.5. The vulnerability is a segmentation violation caused by njs_value_to_number in src/njs_value_conversion.h, which may crash the process. Reported CVSS v3.1 base score 7.5 (HIGH) with network attack vector, no user interaction, and no confidentiality/integri...

7.5CVSS7.5AI score0.00783EPSS
CVE
CVE
added 2022/10/28 12:0 a.m.93 views

CVE-2022-43285

CVE-2022-43285 affects Nginx NJS 0.7.4. The issue is a segmentation violation in the function njs_promise_reaction_job. The vendor disputes the significance, stating NJS does not operate on untrusted input. Practical impact is a potential crash/DoS as described by the PT-2022-5323 entry, which al...

7.5CVSS7.5AI score0.0074EPSS
CVE
CVE
added 2022/07/18 8:14 p.m.92 views

CVE-2022-34029

Scope and impact: CVE-2022-34029 affects Nginx NJS 0.7.4, with an out-of-bounds read via njs_scope_value in njs_scope.h. The vulnerability is described across multiple sources (e.g., NVD, Red Hat, osv.dev) as a high-severity issue with CVSS 3.1 base score 9.1, indicating critical impact to confid...

9.1CVSS9.1AI score0.01029EPSS
CVE
CVE
added 2022/10/28 12:0 a.m.92 views

CVE-2022-43284

Nginx NJS versions 0.7.2–0.7.4 have a segmentation violation in njs_scope_valid_value (njs_scope.h). Redundant vendor dispute notes that NJS does not operate on untrusted input. Potential impact is unspecified in detail in the sources, but PT-2022-5321 mentions a possible denial of service via th...

7.5CVSS7.5AI score0.00797EPSS
CVE
CVE
added 2022/04/14 2:8 p.m.90 views

CVE-2022-27007

CVE-2022-27007 affects nginx njs 0.7.2. The issue is a Use-after-free in njs_function_frame_alloc() when invoked from a restored frame saved with njs_function_frame_save() , potentially impacting confidentiality, integrity, and availability. Multiple sources corroborate the vulnerability in nginx...

9.8CVSS9.3AI score0.01591EPSS
CVE
CVE
added 2019/06/29 11:29 p.m.89 views

CVE-2019-13067

CVE-2019-13067 affects njs up to 0.3.3, used in NGINX. It is a buffer over-read in nxt_utf8_decode (nxt/nxt_utf8.c) occurring after the CVE-2019-12207 fix. CVSS: 2.0/3.0 vectors indicate HIGH/CRITICAL impact. Connected documents confirm the same root cause and describe remediation steps for IBM C...

9.8CVSS9.4AI score0.01597EPSS
CVE
CVE
added 2022/05/12 6:48 p.m.89 views

CVE-2022-29369

CVE-2022-29369 affects Nginx NJS v0.7.2. The vulnerability is a segmentation violation caused by a fault in njs_lvlhsh_bucket_find (njs_lvlhsh.c). CVSS details in the sources show CVSS‑2.0/3.1 scores with network attack vector, low complexity, no authentication, and availability impact described ...

7.5CVSS7.5AI score0.01099EPSS
CVE
CVE
added 2022/04/14 2:4 p.m.88 views

CVE-2022-27008

The vulnerability CVE-2022-27008 affects nginx njs 0.7.2. A type confusion in Array.prototype.concat() when a slow array is appended to a fast array leads to a Buffer Overflow in the njs interpreter inside Nginx. This can enable a remote attacker to cause a denial of service. Practical exploitati...

7.5CVSS7.4AI score0.01698EPSS
CVE
CVE
added 2020/08/13 6:52 p.m.87 views

CVE-2020-24346

CVE-2020-24346 affects the NGINX-integrated JavaScript engine, specifically njs through 0.4.3. The vulnerability is a use-after-free in function njs_json_parse_iterator_call within njs_json.c. This concrete detail is corroborated by multiple sources in the connected documents (e.g., Red Hat, NVD,...

7.8CVSS7.6AI score0.01047EPSS
CVE
CVE
added 2020/08/13 6:51 p.m.87 views

CVE-2020-24349

CVE-2020-24349 affects njs up to version 0.4.3 used in NGINX, enabling a control-flow hijack in njs_value_property within njs_value.c. Public sources confirm the issue, with Red Hat and PT-Security entries citing vulnerable versions prior to 0.4.4 and recommending upgrading to 0.4.4+ to resolve. ...

5.5CVSS5.5AI score0.00535EPSS
CVE
CVE
added 2022/07/18 8:14 p.m.86 views

CVE-2022-34032

CVE-2022-34032 summary (data from provided sources) : Nginx NJS 0.7.5 contains a segmentation violation in the function njs_value_own_enumerate (src/njs_value.c). This CVE has a CVSS v3.1 base score of 7.5 (High): Attack Vector Network, Attack Complexity Low, Privileges Required None, User Intera...

7.5CVSS7.5AI score0.00783EPSS
CVE
CVE
added 2019/05/20 1:28 p.m.85 views

CVE-2019-12207

CVE-2019-12207 affects njs (through 0.3.1) used with NGINX, caused by a heap-based buffer over-read in nxt_utf8_decode (nxt/nxt_utf8.c). CVSS v3 base score 9.8 (CRITICAL) indicates high impact on confidentiality, integrity, and availability with network access and no authentication. The provided ...

9.8CVSS9.3AI score0.01823EPSS
CVE
CVE
added 2023/04/04 12:0 a.m.85 views

CVE-2020-19692

CVE-2020-19692 affects Nginx NJS v0feca92. The vulnerability is a Buffer Overflow in the njs_module_read function in njs_module.c, enabling a remote attacker to execute arbitrary code. Public sources describe Nginx NJS as a scripting component for Nginx, with references indicating this issue allo...

9.8CVSS9.6AI score0.01318EPSS
CVE
CVE
added 2022/06/21 12:57 p.m.82 views

CVE-2022-31306

CVE-2022-31306 affects Nginx NJS v0.7.2, where the vulnerability is a segmentation violation in the function njs_array_convert_to_slow_array located in src/njs_array.c. The connected documents explicitly describe the issue as a segmentation fault in that function, with no additional details on af...

5.5CVSS5.5AI score0.00628EPSS
CVE
CVE
added 2022/10/28 12:0 a.m.82 views

CVE-2022-43286

CVE-2022-43286 affects the Nginx NJS component: version 0.7.2 . The root cause is a heap-use-after-free caused by an illegal memory copy in the function njs_json_parse_iterator_call located in njs_json.c . CVSS v3.1 scores reported as 9.8 (CRITICAL) with network attack vector, no user interaction...

9.8CVSS9.4AI score0.00898EPSS
CVE
CVE
added 2020/08/13 6:52 p.m.81 views

CVE-2020-24347

The connected data confirms CVE-2020-24347 affects njs up to version 0.4.3 when used with NGINX, due to an out-of-bounds read in njs_lvlhsh_level_find (njs_lvlhsh.c). Affected component: njs (embedded JavaScript) used in NGINX; root cause is an out-of-bounds read in the hash-level lookup implemen...

5.5CVSS5.4AI score0.00422EPSS
CVE
CVE
added 2022/07/18 8:14 p.m.81 views

CVE-2022-34028

CVE-2022-34028 affects Nginx NJS 0.7.5. The vulnerability is a segmentation fault triggered by njs_utf8_next in src/njs_utf8.h, as described in connected records. The NVD entry links a CVSS v3.1 base score of 7.5 (HIGH) with network attack vector, no privileges, no user interaction, and availabil...

7.5CVSS7.5AI score0.00903EPSS
CVE
CVE
added 2022/04/15 1:6 p.m.80 views

CVE-2022-28049

CVE-2022-28049 affects NGINX NJS 0.7.2, where a NULL pointer dereference in the njs_vmcode.c component (njs_vmcode_array) can cause a crash/denial of service. Connected sources confirm the same description across multiple databases (no explicit patch/version fix detailed). No exploitation or work...

5.5CVSS5.5AI score0.00804EPSS
CVE
CVE
added 2022/06/21 12:57 p.m.79 views

CVE-2022-32414

CVE-2022-32414 concerns Nginx NJS v0.7.2, where a segmentation fault occurs in the njs_vmcode_interpreter function (src/njs_vmcode.c). Technical details across connected sources confirm the affected component (NJS in Nginx) and the root cause is a segmentation violation within the VM code interpr...

5.5CVSS5.5AI score0.00628EPSS
CVE
CVE
added 2019/05/20 1:28 p.m.78 views

CVE-2019-12206

CVE-2019-12206 affects NGINX with NJS up to 0.3.1, where a heap-based buffer overflow in nxt_utf8_encode (nxt/nxt_utf8.c) can be triggered by overly long data. Documented impact includes potential remote code execution or crashes; the issue is addressed in later NJS/NGINX advisories. Remediation ...

9.8CVSS9.6AI score0.01986EPSS
CVE
CVE
added 2022/06/21 12:57 p.m.78 views

CVE-2022-31307

The provided connected records confirm a concrete vulnerability: Nginx NJS version 0.7.2 contains a segmentation violation in the function njs_string_offset (src/njs_string.c). This is the root cause described consistently across CVE-2022-31307 entries (NVD, Red Hat, OSV, CVE lists). The impact i...

5.5CVSS5.5AI score0.00628EPSS
CVE
CVE
added 2022/07/18 8:14 p.m.78 views

CVE-2022-34030

The CVE-2022-34030 entry concerns Nginx NJS 0.7.5, with a segmentation fault in the njs_djb_hash function (src/njs_djb_hash.c). The vulnerability is described as a segmentation violation, indicating a crash or denial of service condition. The available connected documents confirm the affected com...

7.5CVSS7.5AI score0.00783EPSS
CVE
CVE
added 2019/05/20 1:29 p.m.77 views

CVE-2019-12208

NGINX njs (njs up to 0.3.1) contains a heap-based buffer overflow in njs_function_native_call (njs/njs_function.c). A remote attacker could overflow a buffer by sending overly long data and potentially execute arbitrary code. This CVE is observed across multiple vendor advisories acknowledging th...

9.8CVSS9.6AI score0.01708EPSS
CVE
CVE
added 2022/07/18 8:14 p.m.77 views

CVE-2022-34027

Summary: CVE-2022-34027 affects Nginx NJS 0.7.4. A vulnerability in the njs_value_property function (njs_value.c) may cause a segmentation fault and enable remote code execution. The CVSSv3.1 base score is 7.5 ( HIGH ), with network access, no user interaction required. Details from connected sou...

7.5CVSS7.5AI score0.00783EPSS
CVE
CVE
added 2022/05/25 12:56 p.m.74 views

CVE-2022-29379

CVE-2022-29379 affects Nginx NJS v0.7.3. The vulnerability is a stack overflow in the function njs_default_module_loader (njs_module.c). Multiple sources dispute the issue, noting it may reside only in unreleased development code and not in released 0.7.2/0.7.3/0.7.4 builds. Public references lis...

9.8CVSS9.7AI score0.01691EPSS
CVE
CVE
added 2020/08/13 6:52 p.m.73 views

CVE-2020-24348

The CVE-2020-24348 vulnerability is in njs up to version 0.4.3, used in NGINX. It stems from an out-of-bounds read in the njs_json_stringify_iterator function within njs_json.c. The provided sources do not specify affected product versions beyond 0.4.3, nor do they detail the exploit vectors, imp...

5.5CVSS5.4AI score0.00418EPSS
CVE
CVE
added 2022/09/15 3:28 p.m.69 views

CVE-2022-38890

CVE-2022-38890 affects Nginx NJS 0.7.7. A segmentation violation is triggered by the njs_utf8_next function in src/njs_utf8.h. Public sources consistently describe the vulnerability as a segmentation fault in NJS, with NVD citing a CVSS v3.1 base score of 5.5 (Medium) and local attack vector, req...

5.5CVSS5.5AI score0.00287EPSS
CVE
CVE
added 2023/04/09 12:0 a.m.66 views

CVE-2023-27728

CVE-2023-27728 affects Nginx NJS v0.7.10. The vulnerability is a segmentation fault caused by a memory boundary read in the function njs_dump_is_recursive (src/njs_vmcode.c). Impact described in multiple sources as a potential denial-of-service risk. Some connected docs suggest the issue could be...

7.5CVSS7.5AI score0.0074EPSS
CVE
CVE
added 2019/05/09 1:7 p.m.65 views

CVE-2019-11839

CVE-2019-11839 affects the NGINX NJS component (njs up to 0.3.1). The vulnerability is a heap-based buffer overflow in Array.prototype.push after a resize, caused by mishandling the size in njs_array_expand (njs/njs_array.c). Red Hat and other sources confirm this is a year‑old entry, with common...

9.8CVSS9.6AI score0.01643EPSS
CVE
CVE
added 2023/04/09 12:0 a.m.65 views

CVE-2023-27729

Summary: CVE-2023-27729 affects Nginx NJS 0.7.10. The issue is an illegal memcpy in the function njs_vmcode_return in src/njs_vmcode.c, which can lead to a memory overflow. The CVSS 3.1 base score is 7.5 (HIGH) with NETWORK attack vector, no privileges, no user interaction, and availability impac...

7.5CVSS7.5AI score0.00659EPSS
CVE
CVE
added 2023/04/09 12:0 a.m.62 views

CVE-2023-27727

Nginx NJS 0.7.10 is affected by a segmentation violation in njs_function_frame (src/njs_function.h). The CVE-2023-27727 entry identifies a memory-access fault that can cause a denial of service. Multiple sources corroborate the issue for NJS v0.7.10; a workaround noted in PT-2023-7315 suggests te...

7.5CVSS7.5AI score0.00732EPSS
CVE
CVE
added 2026/05/19 2:4 p.m.60 views

CVE-2026-8711

Summary (CVE-2026-8711): NGINX JavaScript (njs) is vulnerable when the js_fetch_proxy directive uses at least one client-controlled variable (e.g., $http_, $arg_ , $cookie_*) and a location invokes ngx.fetch(). An unauthenticated remote attacker can send crafted HTTP requests that may trigger a h...

9.8CVSS6.2AI score0.00889EPSS
CVE
CVE
added 2019/05/09 1:7 p.m.59 views

CVE-2019-11838

CVE-2019-11838 concerns njs (used in NGINX) up to version 0.3.1, with a heap-based buffer overflow in Array.prototype.splice after a resize. The root cause is reported as mishandling the size in njs_array_expand, affecting njs_array_prototype_splice in njs/njs_array.c. Documents consistently desc...

9.8CVSS9.6AI score0.01598EPSS
CVE
CVE
added 2019/05/09 1:7 p.m.55 views

CVE-2019-11837

CVE-2019-11837 affects njs up to version 0.3.1 used in NGINX. The vulnerability is a segmentation fault in String.prototype.toBytes for negative arguments, tied to nxt_utf8_next (nxt/nxt_utf8.h) and njs_string_offset (njs/njs_string.c). The connected documents provide concrete technical details a...

7.5CVSS7.4AI score0.01379EPSS
CVE
CVE
added 2023/04/09 12:0 a.m.54 views

CVE-2023-27730

CVE-2023-27730 affects Nginx NJS 0.7.10 , with a segmentation violation in the function njs_lvlhsh_find located in src/njs_lvlhsh.c . The incident is reflected with a CVSS v3.1 base score of 7.5 (HIGH) and affects availability (A) while confidentiality and integrity are unchanged. The attack vect...

7.5CVSS7.5AI score0.0074EPSS