CVE-2022-44789: CVE-2022-44789/PublicReferenceURL.txt at main · alalng/CVE-2022-44789

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.1 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.

> [Suggested description]
> A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through
> 1.3.1 allows an attacker to achieve Remote Code Execution through
> memory corruption, via the loading of a crafted
> JavaScript file.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Heap Memory Corruption
>
> ------------------------------------------
>
> [Vendor of Product]
> Artifex
>
> ------------------------------------------
>
> [Affected Product Code Base]
> MuJS - v1.0.0 - v1.3.1
>
> ------------------------------------------
>
> [Affected Component]
> mujs, mujs-pp, jsobject.c, O_getOwnPropertyDescriptor()
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Reference]
> https://artifex.com/products/mujs/
> https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f
>
> ------------------------------------------
>
> [Attack Vectors]
> Loading a malicious JavaScript file.
>
> ------------------------------------------
>
> [Discoverer]
> Alvin Ng
> https://github.com/alalng

Use CVE-2022-44789.

Related news

Gentoo Linux Security Advisory 202405-06

Gentoo Linux Security Advisory 202405-6 - Multiple vulnerabilities have been discovered in mujs, the worst of which could lead to remote code execution. Versions greater than or equal to 1.3.2 are affected.

Debian Security Advisory 5291-1

Debian Linux Security Advisory 5291-1 - Multiple security issues were discovered in MuJS, a lightweight JavaScript interpreter, which could result in denial of service and potentially the execution of arbitrary code.
