CVE-2021-46462 — F5 NJS vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 27.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedFeb 14

Latest updateFeb 15

Description

njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

▶Alpinef5/nginx< 1.20.2-r2+7

▶NVDf5/njs0.7.1

GHSA

GHSA-ghww-grw3-m7r6: njs through 0↗2022-02-15

▶

OSV

CVE-2021-46462: njs through 0↗2022-02-14

▶

CVEList

CVE-2021-46462: njs through 0↗2022-02-14

▶