First published: Thu Aug 13 2020(Updated: )
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
F5 Njs | <=0.4.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-24349 is a vulnerability in njs, specifically in the njs_value_property function in njs_value.c.
CVE-2020-24349 has a severity rating of medium, with a severity value of 5.5.
CVE-2020-24349 affects NGINX as it uses the vulnerable version of njs (0.4.3).
The vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
To fix CVE-2020-24349, update to a version of njs that is not affected by the vulnerability.