An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
[
{
"product": "Hermes",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "commit prior to 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6"
}
]
}
]