Shodan
Vulnerabilities
Vulnerable Software
Jsish:  Security Vulnerabilities
CVE-2025-65570
A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather than consuming it during OP_INSTANCEOF. As a result, OP_NEXT interprets the array as an iterator object and reads the iterCmd function pointer from an invalid structure, potentially causing a crash or enabling code execution depending on heap layout.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-12-29
CVE-2024-24186
Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.
CVSS Score
9.8
EPSS Score
0.011
Published
2024-02-07
CVE-2024-24188
Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c.
CVSS Score
9.8
EPSS Score
0.01
Published
2024-02-07
CVE-2024-24189
Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-02-07
CVE-2020-23258
An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-04-04
CVE-2020-23259
An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-04-04
CVE-2020-23260
An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-04-04
CVE-2021-46499
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueCopyMove in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).
CVSS Score
5.5
EPSS Score
0.001
Published
2022-01-27
CVE-2021-46500
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ArgTypeCheck in src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS).
CVSS Score
5.5
EPSS Score
0.001
Published
2022-01-27
CVE-2021-46501
Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortSubCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).
CVSS Score
5.5
EPSS Score
0.001
Published
2022-01-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved