CVE-2019-12207 (njs)

njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
Source: NIST
CVE-2019-12207 (njs)