Description
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
References
- Patch, Third Party Advisory
- Vendor Advisory
- Patch, Third Party Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 0.10.0 (exclusive)
cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*
EPSS: 0.00547 (Low)
Percentile: 67%
CVSS3: 9.8 Critical
CVSS2: 6.8 Medium
Weaknesses
CWE-843
Related vulnerabilities
github
about 4 years ago
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
EPSS: 0.00547 (Low)
Percentile: 67%
CVSS3: 9.8 Critical
CVSS2: 6.8 Medium
Weaknesses
CWE-843