40 matches found
CVE-2022-25139
CVE-2022-25139 affects njs up to version 0.7.0 (used in NGINX). The issue is a heap use-after-free in njs_await_fulfilled. CVSS metrics indicate High/CRITICAL impact across confidentiality, integrity, and availability (BASE scores: 7.5/9.8). The connected documents confirm the vulnerable componen...
CVE-2020-19695
CVE-2020-19695 affects Nginx NJS (njs/njs_vm.c) with a buffer overflow in the njs_object_property handling, enabling a remote attacker to execute arbitrary code. Impact is high (network vector, no user interaction), with affected Nginx NJS builds prior to a patched release. Red Hat/Mariner notes ...
CVE-2021-46463
CVE-2021-46463: In njs (used in NGINX) up to version 0.7.1, a Type Confusion in njs_promise_perform_then() enables control-flow hijack. NVD lists high/critical scores (CVSS v3.1: 9.8) with network attacker, no user interaction. Affected: njs within NGINX. Remediation/fix not specified in the prov...
CVE-2019-13617
CVE-2019-13617 affects njs up to 0.3.3 used in NGINX. The vulnerability is a heap-based buffer over-read in nxt_vsprintf (nxt/nxt_sprintf.c) during error handling, demonstrated by an njs_regexp_literal path that triggers njs_parser_lexer_error and then njs_parser_scope_error. Impact described as ...
CVE-2021-46462
CVE-2021-46462 affects njs (the scripting language used in NGINX). The issue is a segmentation fault in njs_object_set_prototype (file /src/njs_object.c) when using njs through version up to 0.7.1. The vulnerability is documented across multiple feeds (NVD, OSV, OSV Alpine, etc.) with the core de...
CVE-2022-34031
CVE-2022-34031 affects Nginx NJS v0.7.5. The vulnerability is a segmentation violation caused by njs_value_to_number in src/njs_value_conversion.h, which may crash the process. Reported CVSS v3.1 base score 7.5 (HIGH) with network attack vector, no user interaction, and no confidentiality/integri...
CVE-2022-43285
CVE-2022-43285 affects Nginx NJS 0.7.4. The issue is a segmentation violation in the function njs_promise_reaction_job. The vendor disputes the significance, stating NJS does not operate on untrusted input. Practical impact is a potential crash/DoS as described by the PT-2022-5323 entry, which al...
CVE-2022-34029
Scope and impact: CVE-2022-34029 affects Nginx NJS 0.7.4, with an out-of-bounds read via njs_scope_value in njs_scope.h. The vulnerability is described across multiple sources (e.g., NVD, Red Hat, osv.dev) as a high-severity issue with CVSS 3.1 base score 9.1, indicating critical impact to confid...
CVE-2022-43284
Nginx NJS versions 0.7.2–0.7.4 have a segmentation violation in njs_scope_valid_value (njs_scope.h). Redundant vendor dispute notes that NJS does not operate on untrusted input. Potential impact is unspecified in detail in the sources, but PT-2022-5321 mentions a possible denial of service via th...
CVE-2022-27007
CVE-2022-27007 affects nginx njs 0.7.2. The issue is a Use-after-free in njs_function_frame_alloc() when invoked from a restored frame saved with njs_function_frame_save() , potentially impacting confidentiality, integrity, and availability. Multiple sources corroborate the vulnerability in nginx...
CVE-2019-13067
CVE-2019-13067 affects njs up to 0.3.3, used in NGINX. It is a buffer over-read in nxt_utf8_decode (nxt/nxt_utf8.c) occurring after the CVE-2019-12207 fix. CVSS: 2.0/3.0 vectors indicate HIGH/CRITICAL impact. Connected documents confirm the same root cause and describe remediation steps for IBM C...
CVE-2022-29369
CVE-2022-29369 affects Nginx NJS v0.7.2. The vulnerability is a segmentation violation caused by a fault in njs_lvlhsh_bucket_find (njs_lvlhsh.c). CVSS details in the sources show CVSS‑2.0/3.1 scores with network attack vector, low complexity, no authentication, and availability impact described ...
CVE-2022-27008
The vulnerability CVE-2022-27008 affects nginx njs 0.7.2. A type confusion in Array.prototype.concat() when a slow array is appended to a fast array leads to a Buffer Overflow in the njs interpreter inside Nginx. This can enable a remote attacker to cause a denial of service. Practical exploitati...
CVE-2020-24346
CVE-2020-24346 affects the NGINX-integrated JavaScript engine, specifically njs through 0.4.3. The vulnerability is a use-after-free in function njs_json_parse_iterator_call within njs_json.c. This concrete detail is corroborated by multiple sources in the connected documents (e.g., Red Hat, NVD,...
CVE-2020-24349
CVE-2020-24349 affects njs up to version 0.4.3 used in NGINX, enabling a control-flow hijack in njs_value_property within njs_value.c. Public sources confirm the issue, with Red Hat and PT-Security entries citing vulnerable versions prior to 0.4.4 and recommending upgrading to 0.4.4+ to resolve. ...
CVE-2022-34032
CVE-2022-34032 summary (data from provided sources) : Nginx NJS 0.7.5 contains a segmentation violation in the function njs_value_own_enumerate (src/njs_value.c). This CVE has a CVSS v3.1 base score of 7.5 (High): Attack Vector Network, Attack Complexity Low, Privileges Required None, User Intera...
CVE-2019-12207
CVE-2019-12207 affects njs (through 0.3.1) used with NGINX, caused by a heap-based buffer over-read in nxt_utf8_decode (nxt/nxt_utf8.c). CVSS v3 base score 9.8 (CRITICAL) indicates high impact on confidentiality, integrity, and availability with network access and no authentication. The provided ...
CVE-2020-19692
CVE-2020-19692 affects Nginx NJS v0feca92. The vulnerability is a Buffer Overflow in the njs_module_read function in njs_module.c, enabling a remote attacker to execute arbitrary code. Public sources describe Nginx NJS as a scripting component for Nginx, with references indicating this issue allo...
CVE-2022-43286
CVE-2022-43286 affects the Nginx NJS component: version 0.7.2 . The root cause is a heap-use-after-free caused by an illegal memory copy in the function njs_json_parse_iterator_call located in njs_json.c . CVSS v3.1 scores reported as 9.8 (CRITICAL) with network attack vector, no user interaction...
CVE-2020-24347
The connected data confirms CVE-2020-24347 affects njs up to version 0.4.3 when used with NGINX, due to an out-of-bounds read in njs_lvlhsh_level_find (njs_lvlhsh.c). Affected component: njs (embedded JavaScript) used in NGINX; root cause is an out-of-bounds read in the hash-level lookup implemen...
CVE-2022-31306
CVE-2022-31306 affects Nginx NJS v0.7.2, where the vulnerability is a segmentation violation in the function njs_array_convert_to_slow_array located in src/njs_array.c. The connected documents explicitly describe the issue as a segmentation fault in that function, with no additional details on af...
CVE-2022-34028
CVE-2022-34028 affects Nginx NJS 0.7.5. The vulnerability is a segmentation fault triggered by njs_utf8_next in src/njs_utf8.h, as described in connected records. The NVD entry links a CVSS v3.1 base score of 7.5 (HIGH) with network attack vector, no privileges, no user interaction, and availabil...
CVE-2022-28049
CVE-2022-28049 affects NGINX NJS 0.7.2, where a NULL pointer dereference in the njs_vmcode.c component (njs_vmcode_array) can cause a crash/denial of service. Connected sources confirm the same description across multiple databases (no explicit patch/version fix detailed). No exploitation or work...
CVE-2022-32414
CVE-2022-32414 concerns Nginx NJS v0.7.2, where a segmentation fault occurs in the njs_vmcode_interpreter function (src/njs_vmcode.c). Technical details across connected sources confirm the affected component (NJS in Nginx) and the root cause is a segmentation violation within the VM code interpr...
CVE-2019-12206
CVE-2019-12206 affects NGINX with NJS up to 0.3.1, where a heap-based buffer overflow in nxt_utf8_encode (nxt/nxt_utf8.c) can be triggered by overly long data. Documented impact includes potential remote code execution or crashes; the issue is addressed in later NJS/NGINX advisories. Remediation ...
CVE-2022-31307
The provided connected records confirm a concrete vulnerability: Nginx NJS version 0.7.2 contains a segmentation violation in the function njs_string_offset (src/njs_string.c). This is the root cause described consistently across CVE-2022-31307 entries (NVD, Red Hat, OSV, CVE lists). The impact i...
CVE-2022-34030
The CVE-2022-34030 entry concerns Nginx NJS 0.7.5, with a segmentation fault in the njs_djb_hash function (src/njs_djb_hash.c). The vulnerability is described as a segmentation violation, indicating a crash or denial of service condition. The available connected documents confirm the affected com...
CVE-2019-12208
NGINX njs (njs up to 0.3.1) contains a heap-based buffer overflow in njs_function_native_call (njs/njs_function.c). A remote attacker could overflow a buffer by sending overly long data and potentially execute arbitrary code. This CVE is observed across multiple vendor advisories acknowledging th...
CVE-2022-34027
Summary: CVE-2022-34027 affects Nginx NJS 0.7.4. A vulnerability in the njs_value_property function (njs_value.c) may cause a segmentation fault and enable remote code execution. The CVSSv3.1 base score is 7.5 ( HIGH ), with network access, no user interaction required. Details from connected sou...
CVE-2022-29379
CVE-2022-29379 affects Nginx NJS v0.7.3. The vulnerability is a stack overflow in the function njs_default_module_loader (njs_module.c). Multiple sources dispute the issue, noting it may reside only in unreleased development code and not in released 0.7.2/0.7.3/0.7.4 builds. Public references lis...
CVE-2020-24348
The CVE-2020-24348 vulnerability is in njs up to version 0.4.3, used in NGINX. It stems from an out-of-bounds read in the njs_json_stringify_iterator function within njs_json.c. The provided sources do not specify affected product versions beyond 0.4.3, nor do they detail the exploit vectors, imp...
CVE-2022-38890
CVE-2022-38890 affects Nginx NJS 0.7.7. A segmentation violation is triggered by the njs_utf8_next function in src/njs_utf8.h. Public sources consistently describe the vulnerability as a segmentation fault in NJS, with NVD citing a CVSS v3.1 base score of 5.5 (Medium) and local attack vector, req...
CVE-2023-27728
CVE-2023-27728 affects Nginx NJS v0.7.10. The vulnerability is a segmentation fault caused by a memory boundary read in the function njs_dump_is_recursive (src/njs_vmcode.c). Impact described in multiple sources as a potential denial-of-service risk. Some connected docs suggest the issue could be...
CVE-2019-11839
CVE-2019-11839 affects the NGINX NJS component (njs up to 0.3.1). The vulnerability is a heap-based buffer overflow in Array.prototype.push after a resize, caused by mishandling the size in njs_array_expand (njs/njs_array.c). Red Hat and other sources confirm this is a year‑old entry, with common...
CVE-2023-27729
Summary: CVE-2023-27729 affects Nginx NJS 0.7.10. The issue is an illegal memcpy in the function njs_vmcode_return in src/njs_vmcode.c, which can lead to a memory overflow. The CVSS 3.1 base score is 7.5 (HIGH) with NETWORK attack vector, no privileges, no user interaction, and availability impac...
CVE-2023-27727
Nginx NJS 0.7.10 is affected by a segmentation violation in njs_function_frame (src/njs_function.h). The CVE-2023-27727 entry identifies a memory-access fault that can cause a denial of service. Multiple sources corroborate the issue for NJS v0.7.10; a workaround noted in PT-2023-7315 suggests te...
CVE-2019-11838
CVE-2019-11838 concerns njs (used in NGINX) up to version 0.3.1, with a heap-based buffer overflow in Array.prototype.splice after a resize. The root cause is reported as mishandling the size in njs_array_expand, affecting njs_array_prototype_splice in njs/njs_array.c. Documents consistently desc...
CVE-2026-8711
Summary (CVE-2026-8711): NGINX JavaScript (njs) is vulnerable when the js_fetch_proxy directive uses at least one client-controlled variable (e.g., $http_, $arg_ , $cookie_*) and a location invokes ngx.fetch(). An unauthenticated remote attacker can send crafted HTTP requests that may trigger a h...
CVE-2019-11837
CVE-2019-11837 affects njs up to version 0.3.1 used in NGINX. The vulnerability is a segmentation fault in String.prototype.toBytes for negative arguments, tied to nxt_utf8_next (nxt/nxt_utf8.h) and njs_string_offset (njs/njs_string.c). The connected documents provide concrete technical details a...
CVE-2023-27730
CVE-2023-27730 affects Nginx NJS 0.7.10 , with a segmentation violation in the function njs_lvlhsh_find located in src/njs_lvlhsh.c . The incident is reflected with a CVSS v3.1 base score of 7.5 (HIGH) and affects availability (A) while confidentiality and integrity are unchanged. The attack vect...