CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays.

**Version**

_Version: 3.0.0_ ( 6fe763f )

**Execution steps**

/root/.jsvu/jerry Testcase.js

**Test case 1**

var foo \= function(it) {
    var a \= \[...it, , \];
    print(a);
    print(a.length);
};
var Parameter0 \= \[1, 2\];
foo(Parameter0);

**Output 1****Expected behavior****Test case 2**

var foo \= function(it) {
    var arr \= \[ , \];
    var a \= it.concat(arr);
    print(a);
    print(a.length);
};
var Parameter0 \= \[1, 2\];
foo(Parameter0);

**Output 2****Description**

We tested on multiple JS engines, Testcase 1 and Testcase 2 should have the same consequent. But jerryscript outputs abnormal results when executing Testcase 1.

Maybe the problem is about array literal handling which looks like it deleted all the vacancies. The same bug has reported to Hermes(facebook/hermes#729) and has been fixed.

Looking forward to your reply :)

Headline

CVE-2023-36201: Array concatenation exception · Issue #5026 · jerryscript-project/jerryscript

CVE: Latest News