An issue found in Cesanta MJS v.1.26 allows a local malicious user to cause a denial of service via the mjs_execute function in mjs.c.
cesanta mjs 1.26