CVE-2020-23311

Name of the Vulnerable Software and Affected Versions JerryScript version 2.2.0

Description The issue is related to an incorrect comparison in the parser parse object initializer function of the js-parser-expr.c component in JerryScript. This could potentially allow a remote attacker to cause a denial of service. The comparison involves checking the context p->token.type against specific values, including LEXER RIGHT BRACE, LEXER ASSIGN, and LEXER COMMA.

Recommendations For JerryScript version 2.2.0, as a temporary workaround, consider disabling the parser parse object initializer function until a patch is available. Restrict access to the js-parser-expr.c component to minimize the risk of exploitation. Avoid using the context p->token.type variable in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.