彙總 jsish 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 記憶體損壞與緩衝區溢位 等問題,部分漏洞可能導致 記憶體損壞,並影響 軟體部署與生產負載 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-65570 | A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather than consuming it during OP_INSTANCEOF. As a result, OP_NEXT interprets the array as an iterator object and reads the iterCmd function pointer from an invalid structure, potentially causing a crash or en | [email protected] | 9.8 | 0.45% | 2025-12-29 | 2026-06-17 |
| CVE-2024-24189 | Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c. | [email protected] | 9.8 | 0.69% | 2024-02-07 | 2026-06-17 |
| CVE-2024-24188 | Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c. | [email protected] | 9.8 | 0.80% | 2024-02-07 | 2026-06-17 |
| CVE-2024-24186 | Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c. | [email protected] | 9.8 | 0.88% | 2024-02-07 | 2026-06-17 |
| CVE-2020-23260 | An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file. | [email protected] | 7.5 | 0.77% | 2023-04-04 | 2026-06-16 |
| CVE-2020-23259 | An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file. | [email protected] | 7.5 | 0.77% | 2023-04-04 | 2026-06-16 |
| CVE-2020-23258 | An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file. | [email protected] | 7.5 | 1.00% | 2023-04-04 | 2026-06-16 |
| CVE-2021-46507 | Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c. | [email protected] | 5.5 | 0.60% | 2022-01-27 | 2026-06-17 |
| CVE-2021-46506 | There is an Assertion 'v->d.lval != v' failed at src/jsiValue.c in Jsish v3.5.0. | [email protected] | 5.5 | 0.60% | 2022-01-27 | 2026-06-17 |
| CVE-2021-46505 | Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5b1e5. | [email protected] | 5.5 | 0.60% | 2022-01-27 | 2026-06-17 |
| CVE-2021-46504 | There is an Assertion 'vp != resPtr' failed at jsiEval.c in Jsish v3.5.0. | [email protected] | 5.5 | 0.60% | 2022-01-27 | 2026-06-17 |
| CVE-2021-46503 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732. This vulnerability can lead to a Denial of Service (DoS). | [email protected] | 5.5 | 0.63% | 2022-01-27 | 2026-06-17 |
| CVE-2021-46502 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d. This vulnerability can lead to a Denial of Service (DoS). | [email protected] | 5.5 | 0.65% | 2022-01-27 | 2026-06-17 |
| CVE-2021-46501 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortSubCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). | [email protected] | 5.5 | 0.63% | 2022-01-27 | 2026-06-17 |
| CVE-2021-46500 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ArgTypeCheck in src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS). | [email protected] | 5.5 | 0.63% | 2022-01-27 | 2026-06-17 |
| CVE-2021-46499 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueCopyMove in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | [email protected] | 5.5 | 0.63% | 2022-01-27 | 2026-06-17 |
| CVE-2021-46498 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_wswebsocketObjFree in src/jsiWebSocket.c. This vulnerability can lead to a Denial of Service (DoS). | [email protected] | 5.5 | 0.63% | 2022-01-27 | 2026-06-17 |
| CVE-2021-46497 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_UserObjDelete in src/jsiUserObj.c. This vulnerability can lead to a Denial of Service (DoS). | [email protected] | 5.5 | 0.63% | 2022-01-27 | 2026-06-17 |
| CVE-2021-46496 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_ObjFree in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS). | [email protected] | 5.5 | 0.65% | 2022-01-27 | 2026-06-17 |
| CVE-2021-46495 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via DeleteTreeValue in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS). | [email protected] | 5.5 | 0.63% | 2022-01-27 | 2026-06-17 |