» 2022 » 1월

MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.

Source: CVE-2022-22929

CVE-2022-22892

Posted on 2022년 1월 21일2022년 1월 21일 by admin

CVE-2022-22892

There is an Assertion ‘ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_is_value_object (value)’ failed at jerry-core/ecma/base/ecma-helpers-value.c in Jerryscripts 3.0.0.

Source: CVE-2022-22892

CVE-2022-22895

Posted on 2022년 1월 21일2022년 1월 21일 by admin

CVE-2022-22895

Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecma/base/ecma-helpers-conversion.c.

Source: CVE-2022-22895

CVE-2022-22888

Posted on 2022년 1월 21일2022년 1월 21일 by admin

CVE-2022-22888

Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/operations/ecma-objects.c.

Source: CVE-2022-22888

CVE-2022-22890

Posted on 2022년 1월 21일2022년 1월 21일 by admin

CVE-2022-22890

There is an Assertion ‘arguments_type != SCANNER_ARGUMENTS_PRESENT && arguments_type != SCANNER_ARGUMENTS_PRESENT_NO_REG’ failed at /jerry-core/parser/js/js-scanner-util.c in Jerryscript 3.0.0.

Source: CVE-2022-22890

CVE-2021-46351

Posted on 2022년 1월 21일2022년 1월 21일 by admin

CVE-2021-46351

There is an Assertion ‘local_tza == ecma_date_local_time_zone_adjustment (date_value)’ failed at /jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c(ecma_builtin_date_prototype_dispatch_set):421 in JerryScript 3.0.0.

Source: CVE-2021-46351