Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-30503: Fixed Array.prototype.fill() for typed-arrays. · nginx/njs@5c6130a

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h.

CVE
#js#git#nginx

Permalink

Browse files

Fixed Array.prototype.fill() for typed-arrays.

This closes #478 issue on Github.

  • Loading branch information

1 parent 81af263 commit 5c6130a2a0b4c41ab415f6b8992aa323636338b9

Showing 2 changed files with 3 additions and 2 deletions.

    • njs_typed_array.c
      • njs_unit_test.c

@@ -702,8 +702,6 @@ njs_typed_array_set_value(njs_vm_t *vm, njs_typed_array_t *array,

njs_typed_array_prop_set(vm, array, index, num);

njs_set_number(setval, num);

return NJS_OK;

}

@@ -5409,6 +5409,9 @@ static njs_unit_test_t njs_test[] =

“Array.prototype.fill.call(o, 2).a”),

njs_str(“4”) },

{ njs_str("Array.prototype.fill.call(new Int32Array(1))"),

njs_str(“0”) },

{ njs_str("ArrayBuffer()"),

njs_str(“TypeError: Constructor ArrayBuffer requires 'new’”) },

0 comments on commit 5c6130a

Please sign in to comment.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907