CVE-2020-24349

EUVD-2020-17083
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
f5njs
𝑥
≤ 0.4.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cwe.mitre.org/data/definitions/416.html
https://github.com/nginx/njs/issues/324
https://security.netapp.com/advisory/ntap-20200918-0001/
https://cwe.mitre.org/data/definitions/416.html
https://github.com/nginx/njs/issues/324
https://security.netapp.com/advisory/ntap-20200918-0001/