Git · Jsish · CVE-2025-65570
**Name of the Vulnerable Software and Affected Versions**
jsish version 2.0
**Description**
A type confusion occurs during the execution of the `OP NEXT` opcode. It is triggered when an `instanceof` expression uses an array element access as its left-hand operand within a for-in loop: the implementation leaves an extra array reference on the stack instead of consuming it during `OP INSTANCEOF`. Consequently, `OP NEXT` treats the array as an iterator object and reads the `iterCmd` function pointer from an invalid structure, which may lead to a crash or arbitrary code execution depending on the heap layout.
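The following added example is a simplified C model of the condition described above and of two checks an `OP NEXT` handler can make before touching `iterCmd`. It is not jsish source code and not a fix from the project. Every name except `iterCmd` is hypothetical, and the stack layout and the recorded loop depth are assumptions.

```c
#include <stdio.h>
/* Simplified model of a tagged-value stack VM. Not jsish source: every name
 * except iterCmd (taken from the advisory) is hypothetical. */
typedef enum { T_ARRAY, T_ITER } Tag;
typedef struct Value Value;
struct Value {
    Tag tag;
    union {
        struct { int len; } arr;                              /* array payload */
        struct { int (*iterCmd)(Value *); int pos, end; } it; /* iterator payload */
    } u;
};
typedef struct { Value *slot[8]; int sp; } Stack;
enum { NEXT_DONE = -1, ERR_STACK_DEPTH = -2, ERR_NOT_ITERATOR = -3 };

static void push(Stack *s, Value *v) { s->slot[s->sp++] = v; }

/* Sample iterator callback: yields pos, pos+1, ... until end. */
static int range_next(Value *v) {
    return v->u.it.pos < v->u.it.end ? v->u.it.pos++ : NEXT_DONE;
}

/* Hardened OP NEXT handler. loop_depth is the stack depth assumed to be
 * recorded when the for-in loop pushed its iterator; an operand left behind
 * by an earlier opcode makes sp differ from it. */
static int op_next_checked(Stack *s, int loop_depth) {
    if (s->sp < 1 || s->sp != loop_depth)
        return ERR_STACK_DEPTH;      /* stray operand: stack imbalance */
    Value *top = s->slot[s->sp - 1];
    if (top == NULL || top->tag != T_ITER)
        return ERR_NOT_ITERATOR;     /* never read iterCmd from a non-iterator */
    return top->u.it.iterCmd(top);
}

/* Constructed scenarios: 0 = clean loop, 1 = array left above the iterator,
 * 2 = array sitting in the slot where the iterator is expected. */
static int demo(int scenario) {
    Stack s = {0};
    Value it  = { .tag = T_ITER,  .u.it  = { range_next, 0, 2 } };
    Value arr = { .tag = T_ARRAY, .u.arr = { 4 } };
    if (scenario != 2) push(&s, &it);
    if (scenario != 0) push(&s, &arr);  /* models the unconsumed array reference */
    return op_next_checked(&s, 1);
}

int main(void) {
    printf("%d %d %d\n", demo(0), demo(1), demo(2));
    return 0;
}
```

Without the tag check, the third scenario would interpret the array payload's bytes as a function pointer, which is the invalid `iterCmd` read the description refers to.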
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.