exploitDog

CVE-2023-25933

Опубликовано: 18 мая 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

Ссылки

https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81
Patch
https://www.facebook.com/security/advisories/cve-2023-25933
Patch
Vendor Advisory
https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81
Patch
https://www.facebook.com/security/advisories/cve-2023-25933
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:facebook:hermes:-:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00477

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-843

CWE-843

Связанные уязвимости

GHSA-jgwv-fx37-24vq

CVSS3: 9.8

github

больше 2 лет назад

A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

EPSS

Процентиль: 64%

0.00477

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-843

CWE-843