CVE-2019-11837 — F5 NJS vulnerability

CWE-1893 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 48.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 NJS

Timeline

PublishedMay 9

Latest updateMay 24

Description

njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDf5/njs0.3.1

🔴Vulnerability Details

GHSA

GHSA-rj39-h9jv-68r2: njs through 0↗2022-05-24

▶

CVEList

CVE-2019-11837: njs through 0↗2019-05-09

▶