PT-2021-15663 · Facebook · Facebook Hermes
Published
2021-12-13
·
Updated
2021-12-15
·
CVE-2021-24045
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Facebook Hermes versions prior to 0.10.0
Description:
A type confusion issue could be triggered when resolving the
typeof unary operator in Facebook Hermes. This is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Most React Native applications are not affected.Recommendations:
For Facebook Hermes versions prior to 0.10.0, update to version 0.10.0 or later to resolve the issue. As a temporary workaround, consider restricting the evaluation of untrusted JavaScript in applications using Hermes.
Fix
Type Confusion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Facebook Hermes