689 matches found
CVE-2022-35289
A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...
CVE-2022-40138
An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute...
Integer overflow
A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...
Design/Logic Flaw
An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute...
CVE-2022-32234
An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted...
CVE-2022-32234
An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted...
Design/Logic Flaw
An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted...
CVE-2022-35289
A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...
CVE-2022-32234
An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted...
Facebook Hermes 安全漏洞
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. A security vulnerability exists in...
CVE-2022-40138
An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute...
Facebook Hermes 缓冲区错误漏洞
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but is not applicable to server-side infrastructures such as browsers & Node.js. Facebook Hermes suffer...
Facebook Hermes 输入验证错误漏洞
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. An input validation error...
Facebook Hermes 安全漏洞
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. A security vulnerability exists in...
GHSA-2J79-8PQC-R7X6 react-native-reanimated vulnerable to ReDoS
The package react-native-reanimated before 2.10.0 is vulnerable to Regular Expression Denial of Service ReDoS due to improper usage of regular expression in the parser of Colors.js...
react-native-reanimated vulnerable to ReDoS
The package react-native-reanimated before 2.10.0 is vulnerable to Regular Expression Denial of Service ReDoS due to improper usage of regular expression in the parser of Colors.js...
@armiasystems/react-native-armia-chat-sdk (>=1.0.0 <=1.0.9), @ats-components/circular-manager (>=1.0.4 <=1.0.11) +409 more potentially affected by CVE-2022-24373 via react-native-reanimated (>=1.0.0-alpha.3 <=2.0.1)
react-native-reanimated NPM version =1.0.0-alpha.3, =1.0.0, =1.0.4, =1.0.3, =0.1.0, =5.2.0, =0.0.1-alpha.22, =3.1.5, =0.1.1, =1.0.0, =2.31.0, =1.0.2, =0.1.9, =0.6.33 and more Source cves: CVE-2022-24373 Source advisory: OSV:GHSA-2J79-8PQC-R7X6...
CVE-2022-24373
The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service ReDoS due to improper usage of regular expression in the parser of Colors.js...
CVE-2022-24373
The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service ReDoS due to improper usage of regular expression in the parser of Colors.js...
Design/Logic Flaw
The package react-native-reanimated before 3.0.0-rc.1 are vulnerable to Regular Expression Denial of Service ReDoS due to improper usage of regular expression in the parser of Colors.js...