PT-2022-5323 · Nginx · Nginx Njs

Asuk4O

Published: 2022-10-28 · Updated: 2024-08-03 · CVE-2022-43285

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Nginx NJS version 0.7.4

Description

The issue is related to a buffer overflow in the njs promise reaction job function of the njs interpreter in the nginx server. This could allow a remote attacker to cause a denial of service. The vendor disputes the significance of this report, stating that NJS does not operate on untrusted input.

Recommendations

For Nginx NJS version 0.7.4, consider disabling the njs promise reaction job function as a temporary workaround until a patch is available. Restrict access to the njs interpreter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2022-06628
CVE-2022-43285

Affected Products

Nginx Njs