Описание
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.10.0 (исключая)
cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00504
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-843
CWE-843
Связанные уязвимости
CVSS3: 9.8
github
около 4 лет назад
Access of Resource Using Incompatible Type in Hermes
EPSS
Процентиль: 66%
0.00504
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-843
CWE-843