PT-2022-18605 · Hermes · Hermes
Published: 2022-10-06 · Updated: 2022-10-11 · CVE-2022-27810
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Hermes versions prior to v0.12.0
Description
The issue allows an infinite recursion condition to be triggered in the error handler when Hermes executes specific maliciously formed JavaScript. This condition can only be triggered in dev-mode, when asserts are enabled.
Recommendations
For versions prior to v0.12.0, update to version v0.12.0 or later to resolve the issue. As a temporary workaround until the update is applied, consider disabling dev-mode, since the condition can only be triggered when asserts are enabled. Restrict the execution of untrusted JavaScript to minimize the risk of exploitation.
Fix
Uncontrolled Recursion
Weakness Enumeration
Related Identifiers
Affected Products
Hermes