PT-2022-9436 · Hermes · Hermes

Published 2022-01-15 · Updated 2022-01-24 · CVE-2021-24044

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Hermes versions prior to v0.10.0

Description: The issue arises when invalid JavaScript code is passed, specifically where await and yield are called on non-async and non-generator getter/setter functions. This causes Hermes to invoke generator functions and error out due to invalid await/yield positions, potentially resulting in a segmentation fault as a consequence of a type confusion error. There is a low chance of remote code execution (RCE) associated with this issue.

Recommendations: For versions prior to v0.10.0, update to version v0.10.0 or later to resolve the issue. As a temporary workaround, consider restricting the execution of invalid JavaScript code that invokes await and yield on non-async and non-generator functions until a patch is applied.

Fix

Type Confusion


Weakness Enumeration

Related Identifiers

CVE-2021-24044
GHSA-7MHC-PRGV-R3Q4

Affected Products

Hermes