CVE-2020-24349

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-24349

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24349.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-24349

Published

2020-08-13T19:15:14.050Z

Modified

2026-04-02T05:08:57.717480Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

njs through 0.4.3, used in NGINX, allows control-flow hijack in njsvalueproperty in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.

References

Affected packages

Git / github.com/nginx/njs

Affected ranges

Type

GIT

Repo

https://github.com/nginx/njs

Events

Introduced

Last affected

c3da13fb18f0d8ec809b346096feab572e634486

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.4.3"
        }
    ]
}

Affected versions

0.*

0.1.0

0.1.1

0.1.10

0.1.11

0.1.12

0.1.13

0.1.14

0.1.15

0.1.2

0.1.3

0.1.4

0.1.5

0.1.6

0.1.7

0.1.8

0.1.9

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.2.6

0.2.7

0.2.8

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.3.5

0.3.6

0.3.7

0.3.8

0.3.9

0.4.0

0.4.1

0.4.2

0.4.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24349.json"