Description
Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release
References (3)
Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/nginx/njs/issues/491
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/nginx/njs/issues/493
Patch, Third Party Advisory x_refsource_misc
https://github.com/nginx/njs/commit/ab1702c7af9959366a5ddc4a75b4357d4e9ebdc1
Scores
CVSS v3
9.8
EPSS
0.0050
EPSS Percentile
65.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (1)
f5/njs
0.7.3
Published
May 25, 2022
Tracked Since
Feb 18, 2026