It was discovered that njs did not properly handle certain client- controlled variables when processing ngx.fetch() requests. An attacker could possibly use this issue to trigger a heap buffer overflow, resulting in arbitrary code execution or a denial of service.
0.9.4-1ubuntu0.1~esm1