Product:

Mjs

(Cesanta)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 81
Date Id Summary Products Score Patch Annotated
2024-01-02 CVE-2023-49549 An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file. Mjs 7.5
2024-01-02 CVE-2023-49552 An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file. Mjs 7.5
2024-01-02 CVE-2023-49553 An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. Mjs 7.5
2024-01-02 CVE-2023-49550 An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component. Mjs 7.5
2023-12-20 CVE-2023-50044 Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string. Mjs 9.8
2023-09-23 CVE-2023-43338 Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input. Mjs 9.8
2022-01-27 CVE-2021-46509 Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snquote at mjs/src/mjs_json.c. Mjs 7.8
2022-07-26 CVE-2021-33437 An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There are memory leaks in frozen_cb() in mjs.c. Mjs 5.5
2023-05-09 CVE-2023-30087 Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c. Mjs 5.5
2023-05-09 CVE-2023-30088 An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c. Mjs 5.5