Njs
by Nginx
Source repositories
CVEs (45)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-34028 | Hig | 0.49 | 7.5 | 0.01 | Jul 18, 2022 | Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. | ||
| CVE-2022-34027 | Hig | 0.49 | 7.5 | 0.01 | Jul 18, 2022 | Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. | ||
| CVE-2019-11837 | Hig | 0.49 | 7.5 | 0.01 | May 9, 2019 | njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c. | ||
| CVE-2019-13617 | Med | 0.42 | 6.5 | 0.01 | Jul 16, 2019 | njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. | ||
| CVE-2022-38890 | Med | 0.36 | 5.5 | 0.00 | Sep 15, 2022 | Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h | ||
| CVE-2020-24349 | Med | 0.36 | 5.5 | 0.01 | Aug 13, 2020 | njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface. | ||
| CVE-2020-24348 | Med | 0.36 | 5.5 | 0.00 | Aug 13, 2020 | njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. | ||
| CVE-2020-24347 | Med | 0.36 | 5.5 | 0.00 | Aug 13, 2020 | njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. | ||
| CVE-2022-43286 | Cri | 0.00 | 9.8 | 0.01 | Oct 28, 2022 | Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. | ||
| CVE-2022-35173 | Hig | 0.00 | 7.5 | 0.01 | Aug 18, 2022 | An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation. | ||
| CVE-2022-32414 | Med | 0.00 | 5.5 | 0.01 | Jun 21, 2022 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c. | ||
| CVE-2022-31307 | Med | 0.00 | 5.5 | 0.01 | Jun 21, 2022 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c. | ||
| CVE-2022-31306 | Med | 0.00 | 5.5 | 0.01 | Jun 21, 2022 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c. | ||
| CVE-2022-30503 | Med | 0.00 | 5.5 | 0.00 | Jun 2, 2022 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. | ||
| CVE-2022-29780 | Med | 0.00 | 5.5 | 0.00 | Jun 2, 2022 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. | ||
| CVE-2022-29779 | Med | 0.00 | 5.5 | 0.00 | Jun 2, 2022 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. | ||
| CVE-2022-29379 | Cri | 0.00 | 9.8 | 0.02 | May 25, 2022 | Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2,… | ||
| CVE-2022-29369 | Hig | 0.00 | 7.5 | 0.01 | May 12, 2022 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c. | ||
| CVE-2022-28049 | Med | 0.00 | 5.5 | 0.01 | Apr 15, 2022 | NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. | ||
| CVE-2022-27008 | Hig | 0.00 | 7.5 | 0.02 | Apr 14, 2022 | nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array. |
- risk 0.49cvss 7.5epss 0.01
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h.
- risk 0.49cvss 7.5epss 0.01
Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c.
- risk 0.49cvss 7.5epss 0.01
njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c.
- risk 0.42cvss 6.5epss 0.01
njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call.
- risk 0.36cvss 5.5epss 0.00
Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h
- risk 0.36cvss 5.5epss 0.01
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
- risk 0.36cvss 5.5epss 0.00
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
- risk 0.36cvss 5.5epss 0.00
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
- risk 0.00cvss 9.8epss 0.01
Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.
- risk 0.00cvss 7.5epss 0.01
An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation.
- risk 0.00cvss 5.5epss 0.01
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.
- risk 0.00cvss 5.5epss 0.01
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c.
- risk 0.00cvss 5.5epss 0.01
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c.
- risk 0.00cvss 5.5epss 0.00
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h.
- risk 0.00cvss 5.5epss 0.00
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.
- risk 0.00cvss 5.5epss 0.00
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.
- risk 0.00cvss 9.8epss 0.02
Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2,…
- risk 0.00cvss 7.5epss 0.01
Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c.
- risk 0.00cvss 5.5epss 0.01
NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.
- risk 0.00cvss 7.5epss 0.02
nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.
Page 2 of 3