Changocheno

**Name of the Vulnerable Software and Affected Versions** njs versions prior to 0.4.4 **Description** The issue is an out-of-bounds read in the `njs lvlhsh level find` function in `njs lvlhsh.c`. This affects njs, which is used in NGINX. **Recommendations** For versions prior to 0.4.4, update to version 0.4.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** njs versions prior to 0.4.4 **Description** The issue allows for control-flow hijack in the `njs value property` function within `njs value.c`. It is noted that the vendor considers this issue to be of minimal concern in the NGINX use case due to the lack of a remote attack surface. **Recommendations** For versions prior to 0.4.4, update to version 0.4.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LuaJit versions 2.1.0-beta3 and earlier **Description** The issue is related to an out-of-bounds read in LuaJit, caused by mishandled gc handler frame traversal. This can be exploited by a remote attacker to cause a denial of service. The problem is also associated with the `finderrfunc` function in the `src/lj err.c` file of the LuaJIT compiler, which is related to reading beyond the permissible boundaries of a data buffer. **Recommendations** For LuaJit versions 2.1.0-beta3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.