CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-19695
https://notcve.org/view.php?id=CVE-2020-19695
Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function. • https://github.com/nginx/njs/issues/188 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-43284
https://notcve.org/view.php?id=CVE-2022-43284
Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input. ** DISPUTA ** Se descubrió que Nginx NJS v0.7.2 a v0.7.4 contenía una infracción de segmentación a través de njs_scope_valid_value en njs_scope.h. NOTA: el proveedor cuestiona la importancia de este informe porque NJS no opera con información que no sea de confianza. • https://github.com/nginx/njs/issues/470 https://github.com/nginx/njs/issues/529 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29379
https://notcve.org/view.php?id=CVE-2022-29379
Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release ** EN DISPUTA ** Se ha detectado que Nginx NJS versión v0.7.3, contiene un desbordamiento de pila en la función njs_default_module_loader en el archivo /src/njs/src/njs_module.c. NOTA: varios terceros discuten este informe, por ejemplo, el comportamiento sólo se encuentra en el código de desarrollo no liberado que no formaba parte de la versión 0.7.2, 0.7.3 o 0.7.4 • https://github.com/nginx/njs/commit/ab1702c7af9959366a5ddc4a75b4357d4e9ebdc1 https://github.com/nginx/njs/issues/491 https://github.com/nginx/njs/issues/493 • CWE-787: Out-of-bounds Write •