彙總 JerryScript 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 記憶體損壞與緩衝區溢位,在 軟體部署與生產負載 使用場景中可能帶來 記憶體損壞與應用程式崩潰 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2024-33260 | Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c | [email protected] | 5.1 | 0.06% | 2024-04-26 | 2025-09-22 |
| CVE-2024-33259 | Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component scanner_seek at jerry-core/parser/js/js-scanner-util.c. | [email protected] | 5.5 | 0.01% | 2024-04-26 | 2025-09-22 |
| CVE-2024-33258 | Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vm_loop at jerry-core/vm/vm.c. | [email protected] | 7.1 | 0.06% | 2024-04-26 | 2025-09-22 |
| CVE-2024-33255 | Jerryscript commit cefd391 was discovered to contain an Assertion Failure via ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p) in ecma_free_string_list. | [email protected] | 6.2 | 0.01% | 2024-04-26 | 2025-09-22 |
| CVE-2024-29489 | Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type. | [email protected] | 5.5 | 0.03% | 2024-03-28 | 2025-09-22 |
| CVE-2023-36109 | Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c. | [email protected] | 9.8 | 20.36% | 2023-09-20 | 2024-11-21 |
| CVE-2023-38961 | Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c. | [email protected] | 9.8 | 8.37% | 2023-08-21 | 2024-11-21 |
| CVE-2020-24187 | An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference). | [email protected] | 5.5 | 0.03% | 2023-08-11 | 2024-11-21 |
| CVE-2023-36201 | An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays. | [email protected] | 7.5 | 0.15% | 2023-07-07 | 2024-11-21 |
| CVE-2020-22597 | An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter. | [email protected] | 9.8 | 1.16% | 2023-07-03 | 2024-11-21 |
| CVE-2023-34868 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c. | [email protected] | 7.5 | 0.09% | 2023-06-14 | 2025-01-02 |
| CVE-2023-34867 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c. | [email protected] | 7.5 | 0.09% | 2023-06-14 | 2025-01-03 |
| CVE-2023-31921 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c. | [email protected] | 5.5 | 0.07% | 2023-05-12 | 2025-01-24 |
| CVE-2023-31920 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c. | [email protected] | 5.5 | 0.08% | 2023-05-12 | 2025-01-24 |
| CVE-2023-31919 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c. | [email protected] | 5.5 | 0.05% | 2023-05-12 | 2025-01-24 |
| CVE-2023-31918 | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c. | [email protected] | 5.5 | 0.05% | 2023-05-12 | 2025-01-24 |
| CVE-2023-31916 | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c. | [email protected] | 5.5 | 0.05% | 2023-05-12 | 2025-01-24 |
| CVE-2023-31914 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc. | [email protected] | 5.5 | 0.05% | 2023-05-12 | 2025-01-24 |
| CVE-2023-31913 | Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. | [email protected] | 5.5 | 0.05% | 2023-05-12 | 2025-01-24 |
| CVE-2023-31910 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c. | [email protected] | 7.8 | 0.08% | 2023-05-10 | 2025-01-28 |