Shodan
Vulnerabilities
Vulnerable Software
Jerryscript:  Security Vulnerabilities
CVE-2020-23310
There is an Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-06-10
CVE-2020-23311
There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' failed at js-parser-expr.c:3230 in parser_parse_object_initializer in JerryScript 2.2.0.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-06-10
CVE-2020-23312
There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-06-10
CVE-2020-29657
In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file.
CVSS Score
9.1
EPSS Score
0.005
Published
2020-12-09
CVE-2020-13991
vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register.
CVSS Score
7.5
EPSS Score
0.011
Published
2020-09-24
CVE-2020-24344
JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read.
CVSS Score
7.1
EPSS Score
0.002
Published
2020-08-13
CVE-2020-24345
JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option
CVSS Score
7.8
EPSS Score
0.003
Published
2020-08-13
CVE-2020-14163
An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in ecma_gc_set_object_visited in ecma/base/ecma-gc.c.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-06-15
CVE-2020-13649
parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-05-28
CVE-2020-13622
JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-05-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved