Buffer Overflow Vulnerability in Nginx NJS
CVE-2020-19695

9.8CRITICAL

Key Information:

Vendor: Nginx
Status: Njs
Vendor: CVE Published:; 4 April 2023

What is CVE-2020-19695?

A buffer overflow vulnerability has been identified in Nginx NJS, which could enable a remote attacker to execute arbitrary code. This flaw is triggered through improper handling of the njs_object_property parameter within the njs_vm.c function, potentially allowing unauthorized access and manipulation of the system. It is critical for users of Nginx NJS to be aware of this vulnerability and ensure they update to the latest version to safeguard against potential exploits.

References

https://github.com/nginx/njs/issues/188

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 4, 2023
Vulnerability Reserved
Aug 13, 2020