Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Njs
(F5)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 37 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-05-20 | CVE-2019-12207 | njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. | Njs | 9.8 | ||
| 2019-05-20 | CVE-2019-12208 | njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. | Njs | 9.8 | ||
| 2019-06-30 | CVE-2019-13067 | njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place. | Njs | 9.8 | ||
| 2019-07-16 | CVE-2019-13617 | njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. | Njs | 6.5 | ||
| 2022-02-14 | CVE-2021-46462 | njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c. | Njs | 7.5 | ||
| 2022-02-14 | CVE-2021-46463 | njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). | Njs | 9.8 | ||
| 2022-02-14 | CVE-2022-25139 | njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. | Njs | 9.8 |