pcmacdon/jsish

GitHub

github.com

jsish.org

Releases2

Frequency3 years 6 months

Last Release over 6 years ago

Stars47

Jsi is a small, C-embeddable javascript interpreter with tightly woven Web and DB support.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-24186 ↗	Feb 7, 2024Wednesday, 7 February 2024, 14:15	9.8 CRITICAL	—
Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.
CVE-2024-24189 ↗	Feb 7, 2024Wednesday, 7 February 2024, 14:15	9.8 CRITICAL	—
Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.
CVE-2024-24188 ↗	Feb 7, 2024Wednesday, 7 February 2024, 14:15	9.8 CRITICAL	—
Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c.
CVE-2020-23260 ↗	Apr 4, 2023Tuesday, 4 April 2023, 15:15	7.5 HIGH	—
An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file.
CVE-2020-23258 ↗	Apr 4, 2023Tuesday, 4 April 2023, 15:15	7.5 HIGH	—
An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file.
CVE-2020-23259 ↗	Apr 4, 2023Tuesday, 4 April 2023, 15:15	7.5 HIGH	—
An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file.
CVE-2021-46499 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueCopyMove in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46507 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c.
CVE-2021-46506 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
There is an Assertion 'v->d.lval != v' failed at src/jsiValue.c in Jsish v3.5.0.
CVE-2021-46505 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5b1e5.
CVE-2021-46504 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
There is an Assertion 'vp != resPtr' failed at jsiEval.c in Jsish v3.5.0.
CVE-2021-46503 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46502 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46501 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortSubCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46500 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ArgTypeCheck in src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46489 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_DecrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46498 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_wswebsocketObjFree in src/jsiWebSocket.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46486 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArraySpliceCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46487 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x18e506. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46488 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArrayConcatCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46484 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_IncrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46490 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a SEGV vulnerability via NumberConstructor at src/jsiNumber.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46491 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_CommandPkgOpts at src/jsiCmds.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46492 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_FunctionInvoke at src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46494 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueLookupBase in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46495 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a heap-use-after-free via DeleteTreeValue in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46496 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_ObjFree in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46497 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_UserObjDelete in src/jsiUserObj.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46485 ↗	Jan 27, 2022Thursday, 27 January 2022, 21:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_ValueIsNumber at src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46483 ↗	Jan 25, 2022Tuesday, 25 January 2022, 01:15	7.8 HIGH	6.8 MEDIUM
Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c.
CVE-2021-46482 ↗	Jan 25, 2022Tuesday, 25 January 2022, 01:15	7.8 HIGH	6.8 MEDIUM
Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c.
CVE-2021-46481 ↗	Jan 25, 2022Tuesday, 25 January 2022, 01:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c.
CVE-2021-46480 ↗	Jan 25, 2022Tuesday, 25 January 2022, 01:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiValueObjDelete in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46478 ↗	Jan 25, 2022Tuesday, 25 January 2022, 01:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiClearStack in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46477 ↗	Jan 25, 2022Tuesday, 25 January 2022, 01:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegExp_constructor in src/jsiRegexp.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46475 ↗	Jan 25, 2022Tuesday, 25 January 2022, 01:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ArraySliceCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46474 ↗	Jan 25, 2022Tuesday, 25 January 2022, 01:15	5.5 MEDIUM	4.3 MEDIUM
Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiEvalCodeSub in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2020-22873 ↗	Jul 13, 2021Tuesday, 13 July 2021, 15:15	9.8 CRITICAL	7.5 HIGH
Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7, allows remote attackers to execute arbitrary code.
CVE-2020-22907 ↗	Jul 13, 2021Tuesday, 13 July 2021, 15:15	7.5 HIGH	5 MEDIUM
Stack overflow vulnerability in function jsi_evalcode_sub in jsish before 3.0.18, allows remote attackers to cause a Denial of Service via a crafted value to the execute parameter.
CVE-2020-22875 ↗	Jul 13, 2021Tuesday, 13 July 2021, 15:15	9.8 CRITICAL	7.5 HIGH
Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code.
CVE-2020-22874 ↗	Jul 13, 2021Tuesday, 13 July 2021, 15:15	9.8 CRITICAL	7.5 HIGH
Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to execute arbitrary code.