CVE-2020-22597

Опубликовано: 03 июл. 2023

Источник: debian

Описание

An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
iotjs	fixed	1.0+715-1		package
iotjs	not-affected		buster	package

Примечания

https://github.com/jerryscript-project/jerryscript/issues/3637
https://github.com/jerryscript-project/jerryscript/commit/c237ba6097815a66dbcd90a58201f38ce72986ab

Связанные уязвимости

CVE-2020-22597

CVSS3: 9.8

ubuntu

больше 2 лет назад

An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter.

CVE-2020-22597

CVSS3: 9.8

nvd

больше 2 лет назад

An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter.

GHSA-8c73-q248-7298

CVSS3: 9.8

github

больше 2 лет назад

An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter.