CVE-2022-25139 (https://github.com/nginx/njs/issues/451): njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. Patch: https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6): CVE-2021-46461 (https://github.com/nginx/njs/issues/450): njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c. Patch: https://github.com/nginx/njs/commit/d457c9545e7e71ebb5c0479eb16b9d33175855e2 CVE-2021-46462 (https://github.com/nginx/njs/issues/449): njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c. Patch: https://github.com/nginx/njs/commit/39e8fa1b7db1680654527f8fa0e9ee93b334ecba CVE-2021-46463 (https://github.com/nginx/njs/issues/447): njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then(). Patch: https://github.com/nginx/njs/commit/6a40a85ff239497c6458c7dbef18f6a2736fe992 Maintainer, are we affected? Please also clarify if we are still affected in https://bugs.gentoo.org/686424.
These were fixed by bug 838247, all of the patches are in njs-0.7.2. No GLSA for the same reason as that bug - JS that nginx executes is trusted. All done!
