tags: type_confusion, OOB_read, codeQL, fuzzing
original link: Hunting Bugs in Nginx JavaScript Engine (njs)
newsletter link: exploits.club Weekly Newsletter 23
Exploits Club Summary:
@0x_shaq released a write-up this week on his research into the Nginx JavaScript Interpreter. After some initial fuzzing, he was able to identify two bugs: a type confusion and an OOB read. He then was able to codify the type confusion pattern into a CodeQL query, which found two additional variants.