Base Score

HIGH7.5

CVE-2021-46462

njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.

VectorNETWORK

Published Bycve@mitre.org

Published DateFeb 14, 2022, 22:15

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

https://github.com/nginx/njs/commit/39e8fa1b7db1680654527f8fa0e9ee93b334ecba
https://github.com/nginx/njs/issues/449
https://security.netapp.com/advisory/ntap-20220303-0007/

Base Score

HIGH7.5

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH