Jerryscript: >> Jerryscript >> 2.2.0 Security Vulnerabilities
JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read.
CVSS Score
7.1
EPSS Score
0.002
Published
2020-08-13
JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option
CVSS Score
7.8
EPSS Score
0.002
Published
2020-08-13
An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in ecma_gc_set_object_visited in ecma/base/ecma-gc.c.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-15
parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-05-28
JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-05-27
JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-05-27
Page 3