CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28049
https://notcve.org/view.php?id=CVE-2022-28049
NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. Se ha detectado que NGINX NJS versión 0.7.2, contiene una desreferencia de puntero NULL por medio del componente njs_vmcode_array en /src/njs_vmcode.c • https://github.com/nginx/njs/commit/f65981b0b8fcf02d69a40bc934803c25c9f607ab https://github.com/nginx/njs/issues/473 https://security.netapp.com/advisory/ntap-20220519-0008 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27007
https://notcve.org/view.php?id=CVE-2022-27007
nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save(). nginx njs versión 0.7.2 está afectado por un Uso de memoria previamente liberado en la función njs_function_frame_alloc() cuando intenta invocar desde un marco restaurado guardado con njs_function_frame_save() • https://github.com/nginx/njs/commit/ad48705bf1f04b4221a5f5b07715ac48b3160d53 https://github.com/nginx/njs/issues/469 https://security.netapp.com/advisory/ntap-20220519-0008 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27008
https://notcve.org/view.php?id=CVE-2022-27008
nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array. nginx njs versión 0.7.2 es vulnerable a Un Desbordamiento de Búfer. Una confusión de tipo en la función Array.prototype.concat() cuando un elemento anexado de un array lento es un array rápido • https://github.com/nginx/njs/commit/e673ae41a998d1391bd562edb2ed6d49db7cc716 https://github.com/nginx/njs/issues/471 https://security.netapp.com/advisory/ntap-20220519-0008 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •