CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27007
https://notcve.org/view.php?id=CVE-2022-27007
nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save(). nginx njs versión 0.7.2 está afectado por un Uso de memoria previamente liberado en la función njs_function_frame_alloc() cuando intenta invocar desde un marco restaurado guardado con njs_function_frame_save() • https://github.com/nginx/njs/commit/ad48705bf1f04b4221a5f5b07715ac48b3160d53 https://github.com/nginx/njs/issues/469 https://security.netapp.com/advisory/ntap-20220519-0008 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27008
https://notcve.org/view.php?id=CVE-2022-27008
nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array. nginx njs versión 0.7.2 es vulnerable a Un Desbordamiento de Búfer. Una confusión de tipo en la función Array.prototype.concat() cuando un elemento anexado de un array lento es un array rápido • https://github.com/nginx/njs/commit/e673ae41a998d1391bd562edb2ed6d49db7cc716 https://github.com/nginx/njs/issues/471 https://security.netapp.com/advisory/ntap-20220519-0008 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46463
https://notcve.org/view.php?id=CVE-2021-46463
njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). Se ha detectado que njs versiones hasta 0.7.1, usado en NGINX, contiene un secuestro del flujo de control causado por una vulnerabilidad de Confusión de Tipos en la función njs_promise_perform_then() • https://github.com/nginx/njs/commit/6a40a85ff239497c6458c7dbef18f6a2736fe992 https://github.com/nginx/njs/issues/447 https://security.netapp.com/advisory/ntap-20220303-0007 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25139
https://notcve.org/view.php?id=CVE-2022-25139
njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. Se ha detectado que njs versiones hasta 0.7.0, usado en NGINX, contiene un uso de memoria previamente liberada de la pila en la función njs_await_fulfilled • https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6 https://github.com/nginx/njs/issues/451 https://security.netapp.com/advisory/ntap-20220303-0007 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-46462
https://notcve.org/view.php?id=CVE-2021-46462
njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c. Se ha detectado que njs versiones hasta 0.7.1, usado en NGINX, contenía una violación de segmentación por medio de la función njs_object_set_prototype en el archivo /src/njs_object.c • https://github.com/nginx/njs/commit/39e8fa1b7db1680654527f8fa0e9ee93b334ecba https://github.com/nginx/njs/issues/449 https://security.netapp.com/advisory/ntap-20220303-0007 •