{"url":"http://public2.vulnerablecode.io/api/packages/467173?format=json","purl":"pkg:apk/alpine/njs@0.9.9-r0?arch=x86_64&distroversion=edge&reponame=community","type":"apk","namespace":"alpine","name":"njs","version":"0.9.9-r0","qualifiers":{"arch":"x86_64","distroversion":"edge","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76595?format=json","vulnerability_id":"VCID-gm8u-gcfg-zfce","summary":"NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoking the ngx.fetch() operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.    Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8711","reference_id":"","reference_type":"","scores":[{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26276","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26371","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26328","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26271","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.2638","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-8711"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137215","reference_id":"1137215","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137215"},{"reference_url":"https://my.f5.com/manage/s/article/K000161307","reference_id":"K000161307","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-19T14:41:10Z/"}],"url":"https://my.f5.com/manage/s/article/K000161307"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/467173?format=json","purl":"pkg:apk/alpine/njs@0.9.9-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/njs@0.9.9-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-8711"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gm8u-gcfg-zfce"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/njs@0.9.9-r0%3Farch=x86_64&distroversion=edge&reponame=community"}