CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27007
https://notcve.org/view.php?id=CVE-2022-27007
nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save(). nginx njs versión 0.7.2 está afectado por un Uso de memoria previamente liberado en la función njs_function_frame_alloc() cuando intenta invocar desde un marco restaurado guardado con njs_function_frame_save() • https://github.com/nginx/njs/commit/ad48705bf1f04b4221a5f5b07715ac48b3160d53 https://github.com/nginx/njs/issues/469 https://security.netapp.com/advisory/ntap-20220519-0008 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27008
https://notcve.org/view.php?id=CVE-2022-27008
nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array. nginx njs versión 0.7.2 es vulnerable a Un Desbordamiento de Búfer. Una confusión de tipo en la función Array.prototype.concat() cuando un elemento anexado de un array lento es un array rápido • https://github.com/nginx/njs/commit/e673ae41a998d1391bd562edb2ed6d49db7cc716 https://github.com/nginx/njs/issues/471 https://security.netapp.com/advisory/ntap-20220519-0008 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25139
https://notcve.org/view.php?id=CVE-2022-25139
njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. Se ha detectado que njs versiones hasta 0.7.0, usado en NGINX, contiene un uso de memoria previamente liberada de la pila en la función njs_await_fulfilled • https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6 https://github.com/nginx/njs/issues/451 https://security.netapp.com/advisory/ntap-20220303-0007 • CWE-416: Use After Free •