Description
nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().
References (3)
Core 3
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/nginx/njs/issues/469
Patch, Third Party Advisory x_refsource_misc
https://github.com/nginx/njs/commit/ad48705bf1f04b4221a5f5b07715ac48b3160d53
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220519-0008/
Scores
CVSS v3
9.8
EPSS
0.0050
EPSS Percentile
66.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (1)
f5/njs
0.7.2
Published
Apr 14, 2022
Tracked Since
Feb 18, 2026