This page lists publicly disclosed CVE vulnerabilities affecting cesanta mjs (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-35386 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_do_gc function in the mjs.c file. | [email protected] | 7.5 | 1.61% | 2024-05-21 | 2025-05-05 |
| CVE-2024-35385 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_mk_ffi_sig function in the mjs.c file. | [email protected] | 4.3 | 0.89% | 2024-05-21 | 2025-05-05 |
| CVE-2024-35384 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_array_length function in the mjs.c file. | [email protected] | 5.5 | 0.94% | 2024-05-21 | 2025-05-05 |
| CVE-2023-49553 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. | [email protected] | 7.5 | 0.36% | 2024-01-02 | 2025-06-03 |
| CVE-2023-49552 | An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file. | [email protected] | 7.5 | 0.45% | 2024-01-02 | 2025-04-17 |
| CVE-2023-49551 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file. | [email protected] | 7.5 | 0.39% | 2024-01-02 | 2024-11-21 |
| CVE-2023-49550 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component. | [email protected] | 7.5 | 0.97% | 2024-01-02 | 2025-05-16 |
| CVE-2023-49549 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file. | [email protected] | 7.5 | 0.89% | 2024-01-02 | 2025-06-16 |
| CVE-2023-50044 | Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string. | [email protected] | 9.8 | 0.11% | 2023-12-20 | 2024-11-21 |
| CVE-2023-43338 | Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input. | [email protected] | 9.8 | 0.29% | 2023-09-23 | 2024-11-21 |
| CVE-2023-30088 | An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c. | [email protected] | 5.5 | 0.04% | 2023-05-09 | 2025-01-29 |
| CVE-2023-30087 | Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c. | [email protected] | 5.5 | 0.05% | 2023-05-09 | 2025-01-29 |
| CVE-2023-29570 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). | [email protected] | 5.5 | 0.10% | 2023-04-24 | 2025-02-04 |
| CVE-2023-29569 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). | [email protected] | 5.5 | 0.07% | 2023-04-14 | 2025-02-06 |
| CVE-2023-29571 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS). | [email protected] | 5.5 | 0.14% | 2023-04-12 | 2025-02-08 |
| CVE-2021-36535 | Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf. | [email protected] | 5.5 | 0.13% | 2023-02-03 | 2025-03-26 |
| CVE-2021-33449 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_part_get_by_offset() in mjs.c. | [email protected] | 5.5 | 0.05% | 2022-07-26 | 2024-11-21 |
| CVE-2021-33448 | An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390. | [email protected] | 5.5 | 0.05% | 2022-07-26 | 2024-11-21 |
| CVE-2021-33447 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_print() in mjs.c. | [email protected] | 5.5 | 0.05% | 2022-07-26 | 2024-11-21 |
| CVE-2021-33446 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_next() in mjs.c. | [email protected] | 5.5 | 0.05% | 2022-07-26 | 2024-11-21 |