689 matches found

CVE
added 2023/05/18 9:16 p.m. · 41 views

CVE-2023-23556

CVE-2023-23556 affects the Facebook Hermes JavaScript engine. A bug in BigInt conversion to Number exists in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80, allowing a malicious actor to execute arbitrary code via an out-of-bounds write when untrusted JavaScript is executed. The ...

9.8 CVSS · 9.7 AI score · 0.01572 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

AlpineLinux
added 2023/05/18 9:16 p.m. · 26 views

CVE-2023-23556

An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted...

9.8 CVSS · 7.8 AI score · 0.01572 EPSS
Exploits: 0 · References: 2

CNNVD
added 2023/05/18 12:0 a.m. · 1 view

Facebook Hermes Security Vulnerability

Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client apps, but is not applicable to server-side infrastructures such as browsers & Node.js. Facebook Hermes...

9.8 CVSS · 8.8 AI score · 0.00755 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2023/05/18 12:0 a.m. · 3 views

PT-2023-22710 · Hermes · Hermes

Name of the Vulnerable Software and Affected Versions: Hermes versions prior to commit da8990f737ebb9d9810633502f65ed462b819c09 Description: A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled could have been used by an attacker to achieve remot...

9.8 CVSS · 8.3 AI score · 0.03767 EPSS
Exploits: 0 · References: 6

Positive Technologies
added 2023/05/18 12:0 a.m. · 2 views

PT-2023-21541 · Hermes · Hermes

Name of the Vulnerable Software and Affected Versions: Hermes versions prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 Description: A bytecode optimization bug could be used to cause a use-after-free and obtain arbitrary code execution via a carefully crafted payload. This is only...

9.8 CVSS · 8.2 AI score · 0.0184 EPSS
Exploits: 0 · References: 7

CNNVD
added 2023/05/18 12:0 a.m. · 1 view

Facebook Hermes Security Vulnerability

Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browser & Node.js. Facebook Hermes has a security...

9.8 CVSS · 8.7 AI score · 0.01219 EPSS
Exploits: 0 · References: 3

CNNVD
added 2023/05/18 12:0 a.m. · 1 view

Facebook Hermes Resource Management Error Vulnerability

Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. Facebook Hermes suffers from a...

7.5 CVSS · 7.3 AI score · 0.00378 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2023/05/18 12:0 a.m. · 3 views

PT-2023-19037 · Facebook · Hermes

Name of the Vulnerable Software and Affected Versions: Hermes versions prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 Description: An error in BigInt conversion to Number in Hermes could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. This...

9.8 CVSS · 8.4 AI score · 0.01572 EPSS
Exploits: 0 · References: 8

CNNVD
added 2023/05/18 12:0 a.m. · 1 view

Facebook Hermes Code Issue Vulnerability

Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. Facebook Hermes has a security...

7.5 CVSS · 7.3 AI score · 0.0047 EPSS
Exploits: 0 · References: 3

CNNVD
added 2023/05/18 12:0 a.m. · 1 view

Facebook Hermes Resource Management Error Vulnerability

Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. Facebook Hermes has a security...

9.8 CVSS · 8.3 AI score · 0.03767 EPSS
Exploits: 0 · References: 3

CNNVD
added 2023/05/18 12:0 a.m. · 2 views

Facebook Hermes Resource Management Error Vulnerability

Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. A security vulnerability exists in...

9.8 CVSS · 9 AI score · 0.0184 EPSS
Exploits: 0 · References: 3

OSSF Malicious Packages
added 2023/04/25 9:52 p.m. · 2 views

Malicious code in nlp-react-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ef6692095c28b968172ac45d43937a7bfe30267c7c27add946d2534ad6c7e24 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

OSV
added 2023/04/25 9:52 p.m. · 7 views

MAL-2023-626 Malicious code in nlp-react-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ef6692095c28b968172ac45d43937a7bfe30267c7c27add946d2534ad6c7e24 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 1

Snyk
added 2023/02/21 8:17 a.m. · 3 views

Malicious Package

Overview mobile-auth-library-react-native is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable ...

9.8 CVSS · 7.1 AI score
Exploits: 0 · References: 3

vulnersOsv
added 2023/02/12 3:30 p.m. · 2 views

@540deg/react-native-simple-markdown (>=1.1.1 <=1.1.2), @anzeblabla/react-native-markdown-editor (>=1.0.3 <=2.1.1) +29 more potentially affected by CVE-2019-25102 via simple-markdown (>=0.0.9 <=0.5.3)

simple-markdown NPM version =0.0.9, =1.1.1, =1.0.3, =1.3.0, =1.0.1, =1.1.1, =1.1.74, =1.0.8, =1.0.4, =2.3.0, =3.0.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2019-25102 Source advisory: OSV:GHSA-J533-2G8V-PMPG...

7.5 CVSS · 6.1 AI score · 0.00239 EPSS
Exploits: 1

vulnersOsv
added 2023/02/12 3:30 p.m. · 10 views

@540deg/react-native-simple-markdown (>=1.1.1 <=1.1.2), @anzeblabla/react-native-markdown-editor (>=1.0.3 <=2.1.1) +29 more potentially affected by CVE-2019-25103 via simple-markdown (>=0.0.9 <=0.4.4)

simple-markdown NPM version =0.0.9, =1.1.1, =1.0.3, =1.3.0, =1.0.1, =1.1.1, =1.1.74, =1.0.8, =1.0.4, =2.3.0, =3.0.0, =1.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2019-25103 Source advisory: OSV:GHSA-GPVJ-GP8C-C7P2...

7.5 CVSS · 6.1 AI score · 0.00483 EPSS
Exploits: 0

OSSF Malicious Packages
added 2022/10/24 4:21 a.m. · 2 views

Malicious code in boost-for-react-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8da6dcc96b2c067367ff27f7f02a880d0e12449e6bf8595898ca728c7e6a3376 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 1

OSV
added 2022/10/24 4:21 a.m. · 8 views

MAL-2022-1647 Malicious code in boost-for-react-native (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8da6dcc96b2c067367ff27f7f02a880d0e12449e6bf8595898ca728c7e6a3376 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 1

NVD
added 2022/10/11 2:15 a.m. · 16 views

CVE-2022-35289

A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...

9.8 CVSS · 0.01572 EPSS
Exploits: 0 · References: 2

OSV
added 2022/10/11 2:15 a.m. · 12 views

CVE-2022-40138

An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute...

9.8 CVSS · 7.6 AI score · 0.01219 EPSS
Exploits: 0 · References: 2