Skip to main content

Njs

38 CVEs product

Monthly

CVE-2023-27730 HIGH POC This Week

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Nginx Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-27729 HIGH PATCH This Week

Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Nginx Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-27728 HIGH POC This Week

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Nginx Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-27727 HIGH POC This Week

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Nginx Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-43286 CRITICAL POC PATCH Act Now

Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Nginx Use After Free Njs
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-43285 HIGH POC This Week

Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Nginx Buffer Overflow Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-43284 HIGH POC This Week

Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-38890 MEDIUM POC This Month

Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Buffer Overflow Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-35173 HIGH POC PATCH This Week

An issue was discovered in Nginx NJS v0.7.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-34032 HIGH POC This Week

Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34031 HIGH POC This Week

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34030 HIGH POC This Week

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34029 CRITICAL POC Act Now

Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Buffer Overflow Information Disclosure Njs
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-34028 HIGH POC This Week

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-34027 HIGH POC This Week

Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-32414 MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-31307 MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-31306 MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-30503 MEDIUM PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-29780 MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-29779 MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-29379 CRITICAL POC PATCH Act Now

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Nginx Buffer Overflow Njs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2022-29369 HIGH PATCH This Week

Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-28049 MEDIUM POC PATCH This Month

NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Nginx Null Pointer Dereference Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2022-27008 HIGH POC PATCH This Week

nginx njs 0.7.2 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nginx Buffer Overflow Njs
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-27007 CRITICAL POC PATCH Act Now

nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-24349 MEDIUM POC This Month

njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Use After Free Memory Corruption Nginx Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-24348 MEDIUM POC This Month

njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-24347 MEDIUM POC This Month

njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-24346 HIGH POC This Week

njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Use After Free Memory Corruption Nginx Njs
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-13617 MEDIUM POC This Month

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2019-13067 CRITICAL POC Act Now

njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-12208 CRITICAL POC Act Now

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Memory Corruption Njs
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2019-12207 CRITICAL POC Act Now

njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-12206 CRITICAL POC Act Now

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Memory Corruption Njs
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-11839 CRITICAL POC Act Now

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Memory Corruption Njs
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-11838 CRITICAL POC Act Now

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Memory Corruption Njs
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2019-11837 HIGH POC This Week

njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
EPSS 1% CVSS 7.5
HIGH POC This Week

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Nginx +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Nginx Njs
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Nginx +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Nginx +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Information Disclosure Nginx +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Nginx Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in Nginx NJS v0.7.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nginx Information Disclosure Njs
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Buffer Overflow Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Nginx +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Nginx +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Nginx +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Nginx Information Disclosure Njs
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Nginx Information Disclosure Njs
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Nginx Information Disclosure Njs
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Nginx Buffer Overflow +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nginx Information Disclosure Njs
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Nginx Null Pointer Dereference +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

nginx njs 0.7.2 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nginx Buffer Overflow Njs
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Use After Free Nginx +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Use After Free Memory Corruption +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Use After Free Memory Corruption +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Information Disclosure +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Information Disclosure +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Memory Corruption +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Information Disclosure +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Memory Corruption +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Memory Corruption +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Nginx Memory Corruption +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Njs
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy