mujs is vulnerable to remote code execution. The vulnerability exists due to the logical issue in the O_getOwnPropertyDescriptor
function, allowing an attacker to inject and execute malicious code through memory corruption via the loading of a crafted javascript file.
github.com/alalng/CVE-2022-44789/blob/main/PublicReferenceURL.txt
github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f
github.com/ccxvii/mujs/releases/tag/1.3.2
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MC6PLHTXHZ7GW7QQGTLBHLXL47UHTHXO/
lists.fedoraproject.org/archives/list/[email protected]/message/MC6PLHTXHZ7GW7QQGTLBHLXL47UHTHXO/
security-tracker.debian.org/tracker/CVE-2022-44789
www.debian.org/security/2022/dsa-5291