Segmentation Violation in Nginx NJS JavaScript Module Activating Credential Exposure
CVE-2022-31307

5.5MEDIUM

Key Information:

Vendor: F5
Status: Njs
Vendor: CVE Published:; 21 June 2022

What is CVE-2022-31307?

A segmentation violation was identified in Nginx's NJS JavaScript module version 0.7.2, specifically within the 'njs_string_offset' function. This flaw can lead to unexpected behavior, potentially allowing an attacker to expose sensitive information or disrupt services. It is crucial for users of this module to review their implementations and apply any available patches promptly to safeguard against potential exploitation.

References

https://github.com/nginx/njs/issues/482

x_refsource_MISC

https://github.com/nginx/njs/commit/eafe4c7a326b163612f10...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 21, 2022
Vulnerability Reserved
May 23, 2022

F5

What is CVE-2022-31307?

References

CVSS V3.1

Timeline