Denial of Service Vulnerability in Cesanta MJS Product
CVE-2023-49551

7.5HIGH

Key Information:

Vendor: Cesanta
Status: Mjs
Vendor: CVE Published:; 2 January 2024

What is CVE-2023-49551?

A vulnerability exists in the Cesanta MJS version 2.20.0 that enables remote attackers to exploit a flaw in the mjs_op_json_parse function located in the msj.c file. This weakness allows attackers to cause a denial of service, potentially disrupting the functionality of applications utilizing this product. Organizations using this version of MJS should take immediate precautions to mitigate risks associated with this vulnerability.

References

https://github.com/cesanta/mjs/issues/257

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 2, 2024
Vulnerability Reserved
Nov 27, 2023

CVE-2023-49551 Data

JSON