Njs Security Vulnerabilities and Issues — Njs CVE List

Lucene search

F5Njs

39 matches found

CVE•added 2022/02/14 10:15 p.m.•183 views

CVE-2022-25139

njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.

9.8CVSS9.5AI score0.00503EPSS

CVE•added 2023/04/04 3:15 p.m.•177 views

CVE-2020-19695

Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.

9.8CVSS9.7AI score0.0094EPSS

CVE•added 2022/02/14 10:15 p.m.•143 views

CVE-2021-46463

njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().

9.8CVSS9.4AI score0.00463EPSS

CVE•added 2019/07/16 5:15 p.m.•135 views

CVE-2019-13617

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call.

6.5CVSS6.7AI score0.00288EPSS

CVE•added 2022/02/14 10:15 p.m.•105 views

CVE-2021-46462

njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.

7.5CVSS7.5AI score0.00736EPSS

CVE•added 2022/07/18 9:15 p.m.•78 views

CVE-2022-34031

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h.

7.5CVSS7.5AI score0.0024EPSS

CVE•added 2022/10/28 9:15 p.m.•76 views

CVE-2022-43284

Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.

7.5CVSS7.5AI score0.00074EPSS

CVE•added 2022/10/28 9:15 p.m.•76 views

CVE-2022-43285

Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.

7.5CVSS7.5AI score0.00076EPSS

CVE•added 2022/04/14 3:15 p.m.•74 views

CVE-2022-27008

nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.

7.5CVSS7.4AI score0.00397EPSS

CVE•added 2022/04/14 3:15 p.m.•73 views

CVE-2022-27007

nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().

9.8CVSS9.3AI score0.00445EPSS

CVE•added 2022/07/18 9:15 p.m.•73 views

CVE-2022-34029

Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.

9.1CVSS9.1AI score0.00371EPSS

CVE•added 2019/06/30 12:15 a.m.•72 views

CVE-2019-13067

njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place.

9.8CVSS9.4AI score0.00439EPSS

CVE•added 2020/08/13 7:15 p.m.•72 views

CVE-2020-24346

njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.

7.8CVSS7.6AI score0.00152EPSS

CVE•added 2020/08/13 7:15 p.m.•72 views

CVE-2020-24349

njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.

5.5CVSS5.5AI score0.00127EPSS

CVE•added 2022/07/18 9:15 p.m.•68 views

CVE-2022-34028

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h.

7.5CVSS7.5AI score0.00313EPSS

CVE•added 2022/04/15 2:15 p.m.•67 views

CVE-2022-28049

NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.

5.5CVSS5.5AI score0.00155EPSS

CVE•added 2022/05/12 7:15 p.m.•67 views

CVE-2022-29369

Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c.

7.5CVSS7.5AI score0.00389EPSS

CVE•added 2023/04/04 3:15 p.m.•66 views

CVE-2020-19692

Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.

9.8CVSS9.6AI score0.00874EPSS

CVE•added 2020/08/13 7:15 p.m.•65 views

CVE-2020-24347

njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.

5.5CVSS5.4AI score0.00041EPSS

CVE•added 2022/06/21 1:15 p.m.•65 views

CVE-2022-31306

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c.

5.5CVSS5.5AI score0.00129EPSS

CVE•added 2022/10/28 9:15 p.m.•65 views

CVE-2022-43286

Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.

9.8CVSS9.4AI score0.00097EPSS

CVE•added 2022/07/18 9:15 p.m.•64 views

CVE-2022-34032

Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.

7.5CVSS7.5AI score0.00262EPSS

CVE•added 2022/06/21 1:15 p.m.•61 views

CVE-2022-31307

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c.

5.5CVSS5.5AI score0.00249EPSS

CVE•added 2022/07/18 9:15 p.m.•61 views

CVE-2022-34027

Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c.

7.5CVSS7.5AI score0.00373EPSS

CVE•added 2022/07/18 9:15 p.m.•60 views

CVE-2022-34030

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c.

7.5CVSS7.5AI score0.0024EPSS

CVE•added 2022/05/25 1:15 p.m.•59 views

CVE-2022-29379

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 relea...

9.8CVSS9.7AI score0.00471EPSS

CVE•added 2019/05/20 2:29 p.m.•58 views

CVE-2019-12206

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.

9.8CVSS9.6AI score0.004EPSS

CVE•added 2020/08/13 7:15 p.m.•58 views

CVE-2020-24348

njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.

5.5CVSS5.4AI score0.00041EPSS

CVE•added 2022/06/21 1:15 p.m.•57 views

CVE-2022-32414

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.

5.5CVSS5.5AI score0.00129EPSS

CVE•added 2019/05/20 2:29 p.m.•55 views

CVE-2019-12208

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.

9.8CVSS9.6AI score0.00465EPSS

CVE•added 2019/05/20 2:29 p.m.•53 views

CVE-2019-12207

njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.

9.8CVSS9.3AI score0.00439EPSS

CVE•added 2022/09/15 4:15 p.m.•53 views

CVE-2022-38890

Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h

5.5CVSS5.5AI score0.00024EPSS

CVE•added 2019/05/09 2:29 p.m.•48 views

CVE-2019-11839

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling.

9.8CVSS9.6AI score0.00389EPSS

CVE•added 2023/04/09 8:15 p.m.•47 views

CVE-2023-27729

Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.

7.5CVSS7.5AI score0.00077EPSS

CVE•added 2023/04/09 8:15 p.m.•45 views

CVE-2023-27727

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.

7.5CVSS7.5AI score0.00057EPSS

CVE•added 2023/04/09 8:15 p.m.•45 views

CVE-2023-27728

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.

7.5CVSS7.5AI score0.00057EPSS

CVE•added 2019/05/09 2:29 p.m.•42 views

CVE-2019-11838

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling.

9.8CVSS9.6AI score0.00389EPSS

CVE•added 2019/05/09 2:29 p.m.•39 views

CVE-2019-11837

njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c.

7.5CVSS7.4AI score0.00283EPSS

CVE•added 2023/04/09 8:15 p.m.•39 views

CVE-2023-27730

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.

7.5CVSS7.5AI score0.00057EPSS