cesanta/mjs

GitHub

github.com

mongoose-os.com

Releases63

Frequency3 weeks 4 days

Last Release over 4 years ago

Stars2.04K

Embedded JavaScript engine for C/C++

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-35386 ↗	May 21, 2024Tuesday, 21 May 2024, 14:15	7.5 HIGH	—
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_do_gc function in the mjs.c file.
CVE-2024-35385 ↗	May 21, 2024Tuesday, 21 May 2024, 14:15	4.3 MEDIUM	—
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_mk_ffi_sig function in the mjs.c file.
CVE-2024-35384 ↗	May 21, 2024Tuesday, 21 May 2024, 14:15	5.5 MEDIUM	—
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_array_length function in the mjs.c file.
CVE-2023-49550 ↗	Jan 2, 2024Tuesday, 2 January 2024, 23:15	7.5 HIGH	—
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component.
CVE-2023-49549 ↗	Jan 2, 2024Tuesday, 2 January 2024, 23:15	7.5 HIGH	—
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file.
CVE-2023-49553 ↗	Jan 2, 2024Tuesday, 2 January 2024, 23:15	7.5 HIGH	—
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file.
CVE-2023-49552 ↗	Jan 2, 2024Tuesday, 2 January 2024, 23:15	7.5 HIGH	—
An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file.
CVE-2023-49551 ↗	Jan 2, 2024Tuesday, 2 January 2024, 23:15	7.5 HIGH	—
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file.
CVE-2023-50044 ↗	Dec 20, 2023Wednesday, 20 December 2023, 09:15	9.8 CRITICAL	—
Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string.
CVE-2023-43338 ↗	Sep 23, 2023Saturday, 23 September 2023, 00:15	9.8 CRITICAL	—
Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input.
CVE-2023-30088 ↗	May 9, 2023Tuesday, 9 May 2023, 16:15	5.5 MEDIUM	—
An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c.
CVE-2023-30087 ↗	May 9, 2023Tuesday, 9 May 2023, 16:15	5.5 MEDIUM	—
Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c.
CVE-2023-29570 ↗	Apr 24, 2023Monday, 24 April 2023, 14:15	5.5 MEDIUM	—
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2023-29569 ↗	Apr 14, 2023Friday, 14 April 2023, 12:15	5.5 MEDIUM	—
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2023-29571 ↗	Apr 12, 2023Wednesday, 12 April 2023, 15:15	5.5 MEDIUM	—
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-36535 ↗	Feb 3, 2023Friday, 3 February 2023, 18:15	5.5 MEDIUM	—
Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf.
CVE-2021-33447 ↗	Jul 26, 2022Tuesday, 26 July 2022, 13:15	5.5 MEDIUM	—
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_print() in mjs.c.
CVE-2021-33449 ↗	Jul 26, 2022Tuesday, 26 July 2022, 13:15	5.5 MEDIUM	—
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_part_get_by_offset() in mjs.c.
CVE-2021-33448 ↗	Jul 26, 2022Tuesday, 26 July 2022, 13:15	5.5 MEDIUM	—
An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390.
CVE-2021-33439 ↗	Jul 26, 2022Tuesday, 26 July 2022, 13:15	5.5 MEDIUM	—
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is Integer overflow in gc_compact_strings() in mjs.c.
CVE-2021-33445 ↗	Jul 26, 2022Tuesday, 26 July 2022, 13:15	5.5 MEDIUM	—
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_string_char_code_at() in mjs.c.
CVE-2021-33446 ↗	Jul 26, 2022Tuesday, 26 July 2022, 13:15	5.5 MEDIUM	—
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_next() in mjs.c.
CVE-2021-33444 ↗	Jul 26, 2022Tuesday, 26 July 2022, 13:15	5.5 MEDIUM	—
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in getprop_builtin_foreign() in mjs.c.
CVE-2021-33443 ↗	Jul 26, 2022Tuesday, 26 July 2022, 13:15	5.5 MEDIUM	—
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in mjs_execute() in mjs.c.
CVE-2021-33442 ↗	Jul 26, 2022Tuesday, 26 July 2022, 13:15	5.5 MEDIUM	—
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in json_printf() in mjs.c.
CVE-2021-33441 ↗	Jul 26, 2022Tuesday, 26 July 2022, 13:15	5.5 MEDIUM	—
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in exec_expr() in mjs.c.
CVE-2021-33440 ↗	Jul 26, 2022Tuesday, 26 July 2022, 13:15	5.5 MEDIUM	—
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_commit() in mjs.c.
CVE-2021-33438 ↗	Jul 26, 2022Tuesday, 26 July 2022, 13:15	5.5 MEDIUM	—
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in json_parse_array() in mjs.c.
CVE-2021-33437 ↗	Jul 26, 2022Tuesday, 26 July 2022, 13:15	5.5 MEDIUM	—
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There are memory leaks in frozen_cb() in mjs.c.
CVE-2021-46548 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via add_lineno_map_item at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46547 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46556 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_bcode_insert_offset at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46554 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_json_stringify at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46553 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_object.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46550 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46549 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parse_cval_type at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46525 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	7.8 HIGH	6.8 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a heap-use-after-free via mjs_apply at src/mjs_exec.c.
CVE-2021-46545 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x4b44b. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46546 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_next at src/mjs_object.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46544 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x59e19. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46522 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	7.8 HIGH	6.8 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0xaff53.
CVE-2021-46523 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	7.8 HIGH	6.8 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via to_json_or_debug at mjs/src/mjs_json.c.
CVE-2021-46524 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	7.8 HIGH	6.8 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via snquote at mjs/src/mjs_json.c.
CVE-2021-46543 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x18e810. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46526 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	7.8 HIGH	6.8 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via snquote at src/mjs_json.c.
CVE-2021-46527 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	7.8 HIGH	6.8 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_get_cstring at src/mjs_string.c.
CVE-2021-46528 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x5361e. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46529 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x8814e. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46530 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_execute at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46531 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x8d28e. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46532 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via exec_expr at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46534 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via getprop_builtin_foreign at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46535 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0xe533e. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46537 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x9a30e. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46538 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_compact_strings at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46539 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x45a1f. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46540 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_get_mjs at src/mjs_builtin.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46541 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c6ae. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46542 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_print at src/mjs_builtin.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46510 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
There is an Assertion `s < mjs->owned_strings.buf + mjs->owned_strings.len' failed at src/mjs_gc.c in Cesanta MJS v2.20.0.
CVE-2021-46516 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_stack_size at mjs/src/mjs_core.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46519 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	7.8 HIGH	6.8 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_array_length at src/mjs_array.c.
CVE-2021-46520 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	7.8 HIGH	6.8 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_jprintf at src/mjs_util.c.
CVE-2021-46518 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	7.8 HIGH	6.8 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_disown at src/mjs_core.c.
CVE-2021-46509 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	7.8 HIGH	6.8 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snquote at mjs/src/mjs_json.c.
CVE-2021-46517 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
There is an Assertion `mjs_stack_size(&mjs->scopes) > 0' failed at src/mjs_exec.c in Cesanta MJS v2.20.0.
CVE-2021-46508 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
There is an Assertion `i < parts_cnt' failed at src/mjs_bcode.c in Cesanta MJS v2.20.0.
CVE-2021-46515 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len' failed at src/mjs_exec.c in Cesanta MJS v2.20.0.
CVE-2021-46514 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
There is an Assertion 'ppos != NULL && mjs_is_number(*ppos)' failed at src/mjs_core.c in Cesanta MJS v2.20.0.
CVE-2021-46513 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	7.8 HIGH	6.8 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via mjs_mk_string at mjs/src/mjs_string.c.
CVE-2021-46511 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
There is an Assertion `m->len >= sizeof(v)' failed at src/mjs_core.c in Cesanta MJS v2.20.0.
CVE-2021-46521 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	7.8 HIGH	6.8 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via c_vsnprintf at mjs/src/common/str_util.c.
CVE-2021-46512 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_apply at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2020-36369 ↗	May 28, 2021Friday, 28 May 2021, 21:15	5.5 MEDIUM	4.3 MEDIUM
Stack overflow vulnerability in parse_statement_list Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2020-36375 ↗	May 28, 2021Friday, 28 May 2021, 21:15	5.5 MEDIUM	4.3 MEDIUM
Stack overflow vulnerability in parse_equality Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2020-36374 ↗	May 28, 2021Friday, 28 May 2021, 21:15	5.5 MEDIUM	4.3 MEDIUM
Stack overflow vulnerability in parse_comparison Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2020-36373 ↗	May 28, 2021Friday, 28 May 2021, 21:15	5.5 MEDIUM	4.3 MEDIUM
Stack overflow vulnerability in parse_shifts Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2020-36372 ↗	May 28, 2021Friday, 28 May 2021, 21:15	5.5 MEDIUM	4.3 MEDIUM
Stack overflow vulnerability in parse_plus_minus Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2020-36371 ↗	May 28, 2021Friday, 28 May 2021, 21:15	5.5 MEDIUM	4.3 MEDIUM
Stack overflow vulnerability in parse_mul_div_rem Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2020-36370 ↗	May 28, 2021Friday, 28 May 2021, 21:15	5.5 MEDIUM	4.3 MEDIUM
Stack overflow vulnerability in parse_unary Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2020-18392 ↗	May 28, 2021Friday, 28 May 2021, 21:15	5.5 MEDIUM	4.3 MEDIUM
Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2020-36368 ↗	May 28, 2021Friday, 28 May 2021, 21:15	5.5 MEDIUM	4.3 MEDIUM
Stack overflow vulnerability in parse_statement Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2020-36367 ↗	May 28, 2021Friday, 28 May 2021, 21:15	5.5 MEDIUM	4.3 MEDIUM
Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2020-36366 ↗	May 28, 2021Friday, 28 May 2021, 21:15	5.5 MEDIUM	4.3 MEDIUM
Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2021-31875 ↗	Apr 29, 2021Thursday, 29 April 2021, 02:15	9.8 CRITICAL	7.5 HIGH
In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because "there isn’t very much of an opportunity to exploit this reliably for an information leak, so there isn’t any real security impact."