Heap Use-After-Free Vulnerability in NGINX's njs Up to 0.7.0
CVE-2022-25139
9.8 CRITICAL
Summary
njs, the scripting library used within NGINX, contains a heap use-after-free in the njs_await_fulfilled function. The flaw can trigger unintended behavior in applications that rely on njs, potentially leading to code execution or application crashes. Users should review their njs installations and update them to maintain secure and stable operation.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved