CVE-2021-46463
published 2022-02-14CVE-2021-46463: njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | nginx | >= 0 < 1.20.2-r2 | 1.20.2-r2 |
| f5 | nginx | >= 0 < 1.20.2-r2 | 1.20.2-r2 |
| f5 | nginx | >= 0 < 1.20.2-r2 | 1.20.2-r2 |
| f5 | nginx | >= 0 < 1.20.2-r2 | 1.20.2-r2 |
| f5 | nginx | >= 0 < 1.20.2-r2 | 1.20.2-r2 |
| f5 | nginx | >= 0 < 1.20.2-r2 | 1.20.2-r2 |
| f5 | nginx | >= 0 < 1.20.2-r2 | 1.20.2-r2 |
| f5 | nginx | >= 0 < 1.20.2-r2 | 1.20.2-r2 |
| f5 | njs | <= 0.7.1 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL