Njs
by Nginx
Source repositories
CVEs (45)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-19695 | Cri | 0.64 | 9.8 | 0.01 | Apr 4, 2023 | Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function. | ||
| CVE-2020-19692 | Cri | 0.64 | 9.8 | 0.01 | Apr 4, 2023 | Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file. | ||
| CVE-2019-13067 | Cri | 0.64 | 9.8 | 0.02 | Jun 30, 2019 | njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. | ||
| CVE-2019-12208 | Cri | 0.64 | 9.8 | 0.02 | May 20, 2019 | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. | ||
| CVE-2019-12207 | Cri | 0.64 | 9.8 | 0.02 | May 20, 2019 | njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. | ||
| CVE-2019-12206 | Cri | 0.64 | 9.8 | 0.02 | May 20, 2019 | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. | ||
| CVE-2019-11839 | Cri | 0.64 | 9.8 | 0.02 | May 9, 2019 | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling. | ||
| CVE-2019-11838 | Cri | 0.64 | 9.8 | 0.02 | May 9, 2019 | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling. | ||
| CVE-2022-34029 | Cri | 0.59 | 9.1 | 0.01 | Jul 18, 2022 | Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h. | ||
| CVE-2026-8711 | Hig | 0.53 | 8.1 | 0.01 | May 19, 2026 | NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoking the ngx.fetch() operation from NGINX JavaScript. An unauthenticated attacker… | ||
| CVE-2020-24346 | Hig | 0.51 | 7.8 | 0.01 | Aug 13, 2020 | njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. | ||
| CVE-2023-27730 | Hig | 0.49 | 7.5 | 0.01 | Apr 9, 2023 | Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c. | ||
| CVE-2023-27729 | Hig | 0.49 | 7.5 | 0.01 | Apr 9, 2023 | Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c. | ||
| CVE-2023-27728 | Hig | 0.49 | 7.5 | 0.01 | Apr 9, 2023 | Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c. | ||
| CVE-2023-27727 | Hig | 0.49 | 7.5 | 0.01 | Apr 9, 2023 | Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h. | ||
| CVE-2022-43285 | Hig | 0.49 | 7.5 | 0.01 | Oct 28, 2022 | Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input. | ||
| CVE-2022-43284 | Hig | 0.49 | 7.5 | 0.01 | Oct 28, 2022 | Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input. | ||
| CVE-2022-34032 | Hig | 0.49 | 7.5 | 0.01 | Jul 18, 2022 | Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. | ||
| CVE-2022-34031 | Hig | 0.49 | 7.5 | 0.01 | Jul 18, 2022 | Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h. | ||
| CVE-2022-34030 | Hig | 0.49 | 7.5 | 0.01 | Jul 18, 2022 | Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c. |
- risk 0.64cvss 9.8epss 0.01
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.
- risk 0.64cvss 9.8epss 0.01
Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.
- risk 0.64cvss 9.8epss 0.02
njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place.
- risk 0.64cvss 9.8epss 0.02
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.
- risk 0.64cvss 9.8epss 0.02
njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
- risk 0.64cvss 9.8epss 0.02
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.
- risk 0.64cvss 9.8epss 0.02
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling.
- risk 0.64cvss 9.8epss 0.02
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling.
- risk 0.59cvss 9.1epss 0.01
Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.
- risk 0.53cvss 8.1epss 0.01
NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoking the ngx.fetch() operation from NGINX JavaScript. An unauthenticated attacker…
- risk 0.51cvss 7.8epss 0.01
njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.
- risk 0.49cvss 7.5epss 0.01
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.
- risk 0.49cvss 7.5epss 0.01
Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.
- risk 0.49cvss 7.5epss 0.01
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.
- risk 0.49cvss 7.5epss 0.01
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.
- risk 0.49cvss 7.5epss 0.01
Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.
- risk 0.49cvss 7.5epss 0.01
Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.
- risk 0.49cvss 7.5epss 0.01
Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.
- risk 0.49cvss 7.5epss 0.01
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h.
- risk 0.49cvss 7.5epss 0.01
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c.
Page 1 of 3