Cesanta Mjs

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Cesanta Mjs.

By the Year

In 2026 there have been 0 vulnerabilities in Cesanta Mjs. Mjs did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	0	0.00
2024	8	7.50
2023	8	6.58
2022	57	5.98
2021	11	0.00

It may take a day or so for new Mjs vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Cesanta Mjs Security Vulnerabilities

Cesanta mjs 2.20.0 Remote DoS via mjs_array_length in mjs.c
CVE-2024-35384 - May 21, 2024

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_array_length function in the mjs.c file.

Cesanta mjs 2.20.0 DOS via mjs_mk_ffi_sig in mjs.c
CVE-2024-35385 - May 21, 2024

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_mk_ffi_sig function in the mjs.c file.

Cesanta mjs 2.20.0 DoS via mjs_do_gc
CVE-2024-35386 - May 21, 2024

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_do_gc function in the mjs.c file.

Cesanta mjs 2.20.0 DoS via mjs_getretvalpos in msj.c
CVE-2023-49549 7.5 - High - January 02, 2024

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file.

OOB Write in Cesanta mjs 2.20.0 via mjs_op_json_stringify
CVE-2023-49552 7.5 - High - January 02, 2024

An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file.

Out-of-bounds Read

Cesanta mjs 2.20.0 DoS via mjs_destroy in msj.c
CVE-2023-49553 7.5 - High - January 02, 2024

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file.

Remote DoS in Cesanta mjs 2.20.0 via mjs+0x4ec508 component
CVE-2023-49550 7.5 - High - January 02, 2024

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component.

Cesanta mjs 2.20.0 Remote DoS via mjs_op_json_parse in msj.c
CVE-2023-49551 7.5 - High - January 02, 2024

An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file.

Cesanta MJS 2.20.0 OOB Read via getprop_builtin_foreign
CVE-2023-50044 9.8 - Critical - December 20, 2023

Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string.

Classic Buffer Overflow

Cesanta mjs v2.20.0 - Function Pointer Hijack via mjs_get_ptr()
CVE-2023-43338 9.8 - Critical - September 23, 2023

Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input.

Memory Corruption

Cesanta MJS v1.26 Buffer Overflow in mjs_mk_string causes DoS
CVE-2023-30087 5.5 - Medium - May 09, 2023

Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c.

Memory Corruption

Cesanta MJS 1.26 local DoS via mjs_execute
CVE-2023-30088 5.5 - Medium - May 09, 2023

An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c.

Buffer Overflow

Cesanta MJS 2.20.0 SEGV via mjs_ffi_cb_free leads to DoS
CVE-2023-29570 5.5 - Medium - April 24, 2023

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).

Cesanta MJS <2.20.0 SEGV via ffi_cb_impl_wpwwwww DoS
CVE-2023-29569 5.5 - Medium - April 14, 2023

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).

Cesanta MJS 2.20.0 SEGV DoS via gc_sweep
CVE-2023-29571 5.5 - Medium - April 12, 2023

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-36535: Remote Buffer Overflow in Cesanta mJS 1.26 via crafted .js
CVE-2021-36535 5.5 - Medium - February 03, 2023

Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf.

Memory Corruption

mJS NULL ptr deref in exec_expr() ES6 Engine
CVE-2021-33441 5.5 - Medium - July 26, 2022

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in exec_expr() in mjs.c.

NULL Pointer Dereference

NULL pointer deref in mJS_bcode_part_get_by_offset() (mJS engine)
CVE-2021-33449 5.5 - Medium - July 26, 2022

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_part_get_by_offset() in mjs.c.

NULL Pointer Dereference

mJS Stack Buffer Overflow (CVE-2021-33448)
CVE-2021-33448 5.5 - Medium - July 26, 2022

An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390.

Memory Corruption

NULL Pointer Deref in mJS Restricted JS Engine's mjs_print()
CVE-2021-33447 5.5 - Medium - July 26, 2022

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_print() in mjs.c.

NULL Pointer Dereference

mJS Null Pointer Deref in mjs_next() - ES6 Engine
CVE-2021-33446 5.5 - Medium - July 26, 2022

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_next() in mjs.c.

NULL Pointer Dereference

mJS NULL Pointer Dereference in mjs_string_char_code_at()
CVE-2021-33445 5.5 - Medium - July 26, 2022

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_string_char_code_at() in mjs.c.

NULL Pointer Dereference

mJS NULL Pointer Deref. getprop_builtin_foreign() Vulnerability
CVE-2021-33444 5.5 - Medium - July 26, 2022

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in getprop_builtin_foreign() in mjs.c.

NULL Pointer Dereference

mJS Null Pointer Deref in json_printf()
CVE-2021-33442 5.5 - Medium - July 26, 2022

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in json_printf() in mjs.c.

NULL Pointer Dereference

Stack Buffer Overflow in mJS Restricted JS Engine (mjs_execute)
CVE-2021-33443 5.5 - Medium - July 26, 2022

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in mjs_execute() in mjs.c.

Memory Corruption

mJS NULL pointer deref in mjs_bcode_commit
CVE-2021-33440 5.5 - Medium - July 26, 2022

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_commit() in mjs.c.

NULL Pointer Dereference

mJS Integer Overflow in gc_compact_strings()
CVE-2021-33439 5.5 - Medium - July 26, 2022

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is Integer overflow in gc_compact_strings() in mjs.c.

Integer Overflow or Wraparound

mJS Restricted JS Engine Stack Buffer Overflow (json_parse_array)
CVE-2021-33438 5.5 - Medium - July 26, 2022

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in json_parse_array() in mjs.c.

Memory Corruption

Memory leak in frozen_cb() of mJS (Restricted JS Engine)
CVE-2021-33437 5.5 - Medium - July 26, 2022

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There are memory leaks in frozen_cb() in mjs.c.

Memory Leak

Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow
CVE-2021-46519 7.8 - High - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_array_length at src/mjs_array.c.

Memory Corruption

Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow
CVE-2021-46518 7.8 - High - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_disown at src/mjs_core.c.

Memory Corruption

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_stack_size at mjs/src/mjs_core.c
CVE-2021-46516 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_stack_size at mjs/src/mjs_core.c. This vulnerability can lead to a Denial of Service (DoS).

Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow
CVE-2021-46513 7.8 - High - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via mjs_mk_string at mjs/src/mjs_string.c.

Classic Buffer Overflow

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_apply at src/mjs_exec.c
CVE-2021-46512 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_apply at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS).

Cesanta MJS v2.20.0 was discovered to contain a stack overflow
CVE-2021-46509 7.8 - High - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snquote at mjs/src/mjs_json.c.

Stack Exhaustion

There is an Assertion `mjs_stack_size(&mjs->scopes) > 0' failed at src/mjs_exec.c in Cesanta MJS v2.20.0.
CVE-2021-46517 5.5 - Medium - January 27, 2022

There is an Assertion `mjs_stack_size(&mjs->scopes) > 0' failed at src/mjs_exec.c in Cesanta MJS v2.20.0.

assertion failure

There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len' failed at src/mjs_exec.c in Cesanta MJS v2.20.0.
CVE-2021-46515 5.5 - Medium - January 27, 2022

There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len' failed at src/mjs_exec.c in Cesanta MJS v2.20.0.

assertion failure

There is an Assertion 'ppos != NULL && mjs_is_number(*ppos)' failed at src/mjs_core.c in Cesanta MJS v2.20.0.
CVE-2021-46514 5.5 - Medium - January 27, 2022

There is an Assertion 'ppos != NULL && mjs_is_number(*ppos)' failed at src/mjs_core.c in Cesanta MJS v2.20.0.

assertion failure

There is an Assertion `m->len >= sizeof(v)' failed at src/mjs_core.c in Cesanta MJS v2.20.0.
CVE-2021-46511 5.5 - Medium - January 27, 2022

There is an Assertion `m->len >= sizeof(v)' failed at src/mjs_core.c in Cesanta MJS v2.20.0.

assertion failure

There is an Assertion `i < parts_cnt' failed at src/mjs_bcode.c in Cesanta MJS v2.20.0.
CVE-2021-46508 5.5 - Medium - January 27, 2022

There is an Assertion `i < parts_cnt' failed at src/mjs_bcode.c in Cesanta MJS v2.20.0.

assertion failure

There is an Assertion `s < mjs->owned_strings.buf + mjs->owned_strings.len' failed at src/mjs_gc.c in Cesanta MJS v2.20.0.
CVE-2021-46510 5.5 - Medium - January 27, 2022

There is an Assertion `s < mjs->owned_strings.buf + mjs->owned_strings.len' failed at src/mjs_gc.c in Cesanta MJS v2.20.0.

assertion failure

Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow
CVE-2021-46520 7.8 - High - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_jprintf at src/mjs_util.c.

Memory Corruption

Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow
CVE-2021-46521 7.8 - High - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via c_vsnprintf at mjs/src/common/str_util.c.

Classic Buffer Overflow

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_bcode_insert_offset at src/mjs_bcode.c
CVE-2021-46556 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_bcode_insert_offset at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS).

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_json_stringify at src/mjs_json.c
CVE-2021-46554 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_json_stringify at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS).

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_object.c
CVE-2021-46553 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_object.c. This vulnerability can lead to a Denial of Service (DoS).

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_json.c
CVE-2021-46550 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS).

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parse_cval_type at src/mjs_ffi.c
CVE-2021-46549 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parse_cval_type at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via add_lineno_map_item at src/mjs_bcode.c
CVE-2021-46548 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via add_lineno_map_item at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS).

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e
CVE-2021-46547 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e. This vulnerability can lead to a Denial of Service (DoS).

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Cesanta Mjs or by Cesanta? Click the Watch button to subscribe.

Cesanta
Vendor

Cesanta Mjs
Product

Cesanta Mjs

Don't miss out!

By the Year

Recent Cesanta Mjs Security Vulnerabilities

Cesanta mjs 2.20.0 Remote DoS via mjs_array_length in mjs.c CVE-2024-35384 - May 21, 2024

Cesanta mjs 2.20.0 DOS via mjs_mk_ffi_sig in mjs.c CVE-2024-35385 - May 21, 2024

Cesanta mjs 2.20.0 DoS via mjs_do_gc CVE-2024-35386 - May 21, 2024

Cesanta mjs 2.20.0 DoS via mjs_getretvalpos in msj.c CVE-2023-49549 7.5 - High - January 02, 2024

OOB Write in Cesanta mjs 2.20.0 via mjs_op_json_stringify CVE-2023-49552 7.5 - High - January 02, 2024

Cesanta mjs 2.20.0 DoS via mjs_destroy in msj.c CVE-2023-49553 7.5 - High - January 02, 2024

Remote DoS in Cesanta mjs 2.20.0 via mjs+0x4ec508 component CVE-2023-49550 7.5 - High - January 02, 2024

Cesanta mjs 2.20.0 Remote DoS via mjs_op_json_parse in msj.c CVE-2023-49551 7.5 - High - January 02, 2024

Cesanta MJS 2.20.0 OOB Read via getprop_builtin_foreign CVE-2023-50044 9.8 - Critical - December 20, 2023

Cesanta mjs v2.20.0 - Function Pointer Hijack via mjs_get_ptr() CVE-2023-43338 9.8 - Critical - September 23, 2023

Cesanta MJS v1.26 Buffer Overflow in mjs_mk_string causes DoS CVE-2023-30087 5.5 - Medium - May 09, 2023

Cesanta MJS 1.26 local DoS via mjs_execute CVE-2023-30088 5.5 - Medium - May 09, 2023

Cesanta MJS 2.20.0 SEGV via mjs_ffi_cb_free leads to DoS CVE-2023-29570 5.5 - Medium - April 24, 2023

Cesanta MJS <2.20.0 SEGV via ffi_cb_impl_wpwwwww DoS CVE-2023-29569 5.5 - Medium - April 14, 2023

Cesanta MJS 2.20.0 SEGV DoS via gc_sweep CVE-2023-29571 5.5 - Medium - April 12, 2023

CVE-2021-36535: Remote Buffer Overflow in Cesanta mJS 1.26 via crafted .js CVE-2021-36535 5.5 - Medium - February 03, 2023

mJS NULL ptr deref in exec_expr() ES6 Engine CVE-2021-33441 5.5 - Medium - July 26, 2022

NULL pointer deref in mJS_bcode_part_get_by_offset() (mJS engine) CVE-2021-33449 5.5 - Medium - July 26, 2022

mJS Stack Buffer Overflow (CVE-2021-33448) CVE-2021-33448 5.5 - Medium - July 26, 2022

NULL Pointer Deref in mJS Restricted JS Engine's mjs_print() CVE-2021-33447 5.5 - Medium - July 26, 2022

mJS Null Pointer Deref in mjs_next() - ES6 Engine CVE-2021-33446 5.5 - Medium - July 26, 2022

mJS NULL Pointer Dereference in mjs_string_char_code_at() CVE-2021-33445 5.5 - Medium - July 26, 2022

mJS NULL Pointer Deref. getprop_builtin_foreign() Vulnerability CVE-2021-33444 5.5 - Medium - July 26, 2022

mJS Null Pointer Deref in json_printf() CVE-2021-33442 5.5 - Medium - July 26, 2022

Stack Buffer Overflow in mJS Restricted JS Engine (mjs_execute) CVE-2021-33443 5.5 - Medium - July 26, 2022

mJS NULL pointer deref in mjs_bcode_commit CVE-2021-33440 5.5 - Medium - July 26, 2022

mJS Integer Overflow in gc_compact_strings() CVE-2021-33439 5.5 - Medium - July 26, 2022

mJS Restricted JS Engine Stack Buffer Overflow (json_parse_array) CVE-2021-33438 5.5 - Medium - July 26, 2022

Memory leak in frozen_cb() of mJS (Restricted JS Engine) CVE-2021-33437 5.5 - Medium - July 26, 2022

Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow CVE-2021-46519 7.8 - High - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow CVE-2021-46518 7.8 - High - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_stack_size at mjs/src/mjs_core.c CVE-2021-46516 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow CVE-2021-46513 7.8 - High - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_apply at src/mjs_exec.c CVE-2021-46512 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a stack overflow CVE-2021-46509 7.8 - High - January 27, 2022

There is an Assertion `mjs_stack_size(&mjs->scopes) > 0' failed at src/mjs_exec.c in Cesanta MJS v2.20.0. CVE-2021-46517 5.5 - Medium - January 27, 2022

There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len' failed at src/mjs_exec.c in Cesanta MJS v2.20.0. CVE-2021-46515 5.5 - Medium - January 27, 2022

There is an Assertion 'ppos != NULL && mjs_is_number(*ppos)' failed at src/mjs_core.c in Cesanta MJS v2.20.0. CVE-2021-46514 5.5 - Medium - January 27, 2022

There is an Assertion `m->len >= sizeof(v)' failed at src/mjs_core.c in Cesanta MJS v2.20.0. CVE-2021-46511 5.5 - Medium - January 27, 2022

There is an Assertion `i < parts_cnt' failed at src/mjs_bcode.c in Cesanta MJS v2.20.0. CVE-2021-46508 5.5 - Medium - January 27, 2022

There is an Assertion `s < mjs->owned_strings.buf + mjs->owned_strings.len' failed at src/mjs_gc.c in Cesanta MJS v2.20.0. CVE-2021-46510 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow CVE-2021-46520 7.8 - High - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow CVE-2021-46521 7.8 - High - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_bcode_insert_offset at src/mjs_bcode.c CVE-2021-46556 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_json_stringify at src/mjs_json.c CVE-2021-46554 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_object.c CVE-2021-46553 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_json.c CVE-2021-46550 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parse_cval_type at src/mjs_ffi.c CVE-2021-46549 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via add_lineno_map_item at src/mjs_bcode.c CVE-2021-46548 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e CVE-2021-46547 5.5 - Medium - January 27, 2022

Stay on top of Security Vulnerabilities

Cesanta Vendor

Cesanta MjsProduct

Cesanta mjs 2.20.0 Remote DoS via mjs_array_length in mjs.c
CVE-2024-35384 - May 21, 2024

Cesanta mjs 2.20.0 DOS via mjs_mk_ffi_sig in mjs.c
CVE-2024-35385 - May 21, 2024

Cesanta mjs 2.20.0 DoS via mjs_do_gc
CVE-2024-35386 - May 21, 2024

Cesanta mjs 2.20.0 DoS via mjs_getretvalpos in msj.c
CVE-2023-49549 7.5 - High - January 02, 2024

OOB Write in Cesanta mjs 2.20.0 via mjs_op_json_stringify
CVE-2023-49552 7.5 - High - January 02, 2024

Cesanta mjs 2.20.0 DoS via mjs_destroy in msj.c
CVE-2023-49553 7.5 - High - January 02, 2024

Remote DoS in Cesanta mjs 2.20.0 via mjs+0x4ec508 component
CVE-2023-49550 7.5 - High - January 02, 2024

Cesanta mjs 2.20.0 Remote DoS via mjs_op_json_parse in msj.c
CVE-2023-49551 7.5 - High - January 02, 2024

Cesanta MJS 2.20.0 OOB Read via getprop_builtin_foreign
CVE-2023-50044 9.8 - Critical - December 20, 2023

Cesanta mjs v2.20.0 - Function Pointer Hijack via mjs_get_ptr()
CVE-2023-43338 9.8 - Critical - September 23, 2023

Cesanta MJS v1.26 Buffer Overflow in mjs_mk_string causes DoS
CVE-2023-30087 5.5 - Medium - May 09, 2023

Cesanta MJS 1.26 local DoS via mjs_execute
CVE-2023-30088 5.5 - Medium - May 09, 2023

Cesanta MJS 2.20.0 SEGV via mjs_ffi_cb_free leads to DoS
CVE-2023-29570 5.5 - Medium - April 24, 2023

Cesanta MJS <2.20.0 SEGV via ffi_cb_impl_wpwwwww DoS
CVE-2023-29569 5.5 - Medium - April 14, 2023

Cesanta MJS 2.20.0 SEGV DoS via gc_sweep
CVE-2023-29571 5.5 - Medium - April 12, 2023

CVE-2021-36535: Remote Buffer Overflow in Cesanta mJS 1.26 via crafted .js
CVE-2021-36535 5.5 - Medium - February 03, 2023

mJS NULL ptr deref in exec_expr() ES6 Engine
CVE-2021-33441 5.5 - Medium - July 26, 2022

NULL pointer deref in mJS_bcode_part_get_by_offset() (mJS engine)
CVE-2021-33449 5.5 - Medium - July 26, 2022

mJS Stack Buffer Overflow (CVE-2021-33448)
CVE-2021-33448 5.5 - Medium - July 26, 2022

NULL Pointer Deref in mJS Restricted JS Engine's mjs_print()
CVE-2021-33447 5.5 - Medium - July 26, 2022

mJS Null Pointer Deref in mjs_next() - ES6 Engine
CVE-2021-33446 5.5 - Medium - July 26, 2022

mJS NULL Pointer Dereference in mjs_string_char_code_at()
CVE-2021-33445 5.5 - Medium - July 26, 2022

mJS NULL Pointer Deref. getprop_builtin_foreign() Vulnerability
CVE-2021-33444 5.5 - Medium - July 26, 2022

mJS Null Pointer Deref in json_printf()
CVE-2021-33442 5.5 - Medium - July 26, 2022

Stack Buffer Overflow in mJS Restricted JS Engine (mjs_execute)
CVE-2021-33443 5.5 - Medium - July 26, 2022

mJS NULL pointer deref in mjs_bcode_commit
CVE-2021-33440 5.5 - Medium - July 26, 2022

mJS Integer Overflow in gc_compact_strings()
CVE-2021-33439 5.5 - Medium - July 26, 2022

mJS Restricted JS Engine Stack Buffer Overflow (json_parse_array)
CVE-2021-33438 5.5 - Medium - July 26, 2022

Memory leak in frozen_cb() of mJS (Restricted JS Engine)
CVE-2021-33437 5.5 - Medium - July 26, 2022

Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow
CVE-2021-46519 7.8 - High - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow
CVE-2021-46518 7.8 - High - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_stack_size at mjs/src/mjs_core.c
CVE-2021-46516 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow
CVE-2021-46513 7.8 - High - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_apply at src/mjs_exec.c
CVE-2021-46512 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a stack overflow
CVE-2021-46509 7.8 - High - January 27, 2022

There is an Assertion `mjs_stack_size(&mjs->scopes) > 0' failed at src/mjs_exec.c in Cesanta MJS v2.20.0.
CVE-2021-46517 5.5 - Medium - January 27, 2022

There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len' failed at src/mjs_exec.c in Cesanta MJS v2.20.0.
CVE-2021-46515 5.5 - Medium - January 27, 2022

There is an Assertion 'ppos != NULL && mjs_is_number(*ppos)' failed at src/mjs_core.c in Cesanta MJS v2.20.0.
CVE-2021-46514 5.5 - Medium - January 27, 2022

There is an Assertion `m->len >= sizeof(v)' failed at src/mjs_core.c in Cesanta MJS v2.20.0.
CVE-2021-46511 5.5 - Medium - January 27, 2022

There is an Assertion `i < parts_cnt' failed at src/mjs_bcode.c in Cesanta MJS v2.20.0.
CVE-2021-46508 5.5 - Medium - January 27, 2022

There is an Assertion `s < mjs->owned_strings.buf + mjs->owned_strings.len' failed at src/mjs_gc.c in Cesanta MJS v2.20.0.
CVE-2021-46510 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow
CVE-2021-46520 7.8 - High - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow
CVE-2021-46521 7.8 - High - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_bcode_insert_offset at src/mjs_bcode.c
CVE-2021-46556 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_json_stringify at src/mjs_json.c
CVE-2021-46554 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_object.c
CVE-2021-46553 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_json.c
CVE-2021-46550 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parse_cval_type at src/mjs_ffi.c
CVE-2021-46549 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via add_lineno_map_item at src/mjs_bcode.c
CVE-2021-46548 5.5 - Medium - January 27, 2022

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e
CVE-2021-46547 5.5 - Medium - January 27, 2022

Cesanta
Vendor

Cesanta Mjs
Product