Njs Security Vulnerabilities and Issues — Njs CVE List

Lucene search

F5Njs

12 matches found

CVE•added 2022/02/14 10:15 p.m.•183 views

CVE-2022-25139

njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.

9.8CVSS9.5AI score0.00477EPSS

CVE•added 2022/02/14 10:15 p.m.•143 views

CVE-2021-46463

njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().

9.8CVSS9.4AI score0.00434EPSS

CVE•added 2022/04/14 3:15 p.m.•73 views

CVE-2022-27007

nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().

9.8CVSS9.3AI score0.00445EPSS

CVE•added 2022/07/18 9:15 p.m.•73 views

CVE-2022-34029

Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.

9.1CVSS9.1AI score0.00371EPSS

CVE•added 2019/06/30 12:15 a.m.•72 views

CVE-2019-13067

njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place.

9.8CVSS9.4AI score0.00439EPSS

CVE•added 2022/10/28 9:15 p.m.•65 views

CVE-2022-43286

Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.

9.8CVSS9.4AI score0.00073EPSS

CVE•added 2019/05/20 2:29 p.m.•58 views

CVE-2019-12206

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.

9.8CVSS9.6AI score0.004EPSS

CVE•added 2022/05/25 1:15 p.m.•58 views

CVE-2022-29379

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 relea...

9.8CVSS9.7AI score0.00471EPSS

CVE•added 2019/05/20 2:29 p.m.•55 views

CVE-2019-12208

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.

9.8CVSS9.6AI score0.00465EPSS

CVE•added 2019/05/20 2:29 p.m.•52 views

CVE-2019-12207

njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.

9.8CVSS9.3AI score0.00439EPSS

CVE•added 2019/05/09 2:29 p.m.•47 views

CVE-2019-11839

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling.

9.8CVSS9.6AI score0.00389EPSS

CVE•added 2019/05/09 2:29 p.m.•42 views

CVE-2019-11838

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling.

9.8CVSS9.6AI score0.00389EPSS