An issue in Cesanta mjs 2.20.0 allows a remote malicious user to cause a denial of service via the mjs_destroy function in the msj.c file.
cesanta mjs 2.20.0