CVE-2022-25139: 
NGINX vulnerability analysis and mitigation

njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free vulnerability in njsawaitfulfilled. The vulnerability was identified and disclosed in December 2021 (Github Issue).

The vulnerability is a heap use-after-free issue that occurs in the njsawaitfulfilled function. The issue arises because the PromiseCapability record was stored directly in the function object during function invocation, which is incorrect as the PromiseCapability record should be linked to the current execution context. This results in the function->context being overwritten with consecutive recursive calls, leading to use-after-free (Github Commit). The vulnerability has been assigned a CVSS score of 9.8 (CRITICAL) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NetApp Advisory).

Successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS) (NetApp Advisory).

The issue has been fixed in later versions of njs by modifying how the PromiseCapability record is handled during function execution. The fix ensures that the PromiseCapability record is properly linked to the current execution context rather than being stored directly in the function object (Github Commit).