VYPR

mjs

by Cesanta

CVEs (83)

  • CVE-2024-35385MedMay 21, 2024
    risk 0.28cvss 4.3epss 0.01

    An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_mk_ffi_sig function in the mjs.c file.

  • CVE-2023-50044CriDec 20, 2023
    risk 0.00cvss 9.8epss 0.01

    Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string.

  • CVE-2021-31875CriApr 29, 2021
    risk 0.00cvss 9.8epss 0.02

    In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding…

Page 5 of 5