Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jerryscript
(Jerryscript)| Repositories | https://github.com/jerryscript-project/jerryscript |
| #Vulnerabilities | 92 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-08-13 | CVE-2020-24345 | JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option | Jerryscript | 7.8 | ||
| 2022-02-17 | CVE-2022-22901 | There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9. | Jerryscript | 5.5 | ||
| 2023-09-20 | CVE-2023-36109 | Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c. | Jerryscript | 9.8 | ||
| 2023-08-21 | CVE-2023-38961 | Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c. | Jerryscript | 9.8 | ||
| 2023-08-11 | CVE-2020-24187 | An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference). | Jerryscript | 5.5 | ||
| 2022-01-25 | CVE-2021-44988 | Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c. | Jerryscript | 7.8 | ||
| 2022-04-05 | CVE-2021-41752 | Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function. | Jerryscript | 9.8 | ||
| 2022-04-07 | CVE-2021-43453 | A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is similar to CVE-2020-29657. | Jerryscript | 9.8 | ||
| 2023-07-07 | CVE-2023-36201 | An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays. | Jerryscript | 7.5 | ||
| 2023-07-03 | CVE-2020-22597 | An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter. | Jerryscript | 9.8 |