GHSA-X4CF-6JR3-3QVP Out-of-bounds Read in Facebook Hermes

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

Out-of-bounds Read in Facebook Hermes

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

GHSA-327C-QX3V-H673 Always-Incorrect Control Flow Implementation in Facebook Hermes

A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...

Always-Incorrect Control Flow Implementation in Facebook Hermes

A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...

Signed to Unsigned Conversion Error in Facebook Hermes

An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes...

GHSA-PF27-929J-9PMM Out-of-bounds Read and Out-of-bounds Write in Facebook Hermes

An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the...

Out-of-bounds Read and Out-of-bounds Write in Facebook Hermes

An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the...

GHSA-F5X2-XV93-4P23 Access of Resource Using Incompatible Type in Facebook Hermes

A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...

Access of Resource Using Incompatible Type in Facebook Hermes

A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...

CVE-2020-1914

A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...

Facebook Hermes 安全漏洞

Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native apps to improve the performance of mobile client apps, but not server-side infrastructures such as browsers & Node.js. A security vulnerability exists in Facebook Hermes, which...

CVE-2021-24045

A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected...

Type confusion

A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected...

Facebook Hermes 安全漏洞

Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client apps, but not server-side infrastructures such as browsers & Node.js. A security vulnerability exists in Facebook Hermes...

Evernote: 2 click Remote Code execution in Evernote Android

This vulnerability is similar to my previous reported vulnerability 1362313 , in here also weakness is path transversal vulnerability which helps me to acheive code execution but the root cause is different. some part of this app is written in java and some parts are written in react native. In...

@2600hz/sds-react-native-components (>=0.1.0 <=1.8.1), @abdur-rakib/react-native-button (>=0.0.1 <=0.0.3) +625 more potentially affected by CVE-2020-1920 via react-native (>=0.63.0 <=0.64.0)

react-native NPM version =0.63.0, =0.1.0, =0.0.1, =0.1.0, =2.5.0, =0.0.1, =1.0.0, =1.0.1, =1.1.4, =1.0.0, =1.0.4, =1.0.3, =3.0.0, =1.2.1, =1.0.0, =1.0.3 and more Source cves: CVE-2020-1920 Source advisory: OSV:GHSA-7F53-FMMV-MFJV...

GHSA-7F53-FMMV-MFJV Regular expression denial of service in react-native

A regular expression denial of service ReDoS vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1...

@acaciomartins/react-native-simpletable (>=0.0.1 <=0.0.2), @alan-ai/alan-sdk-react-native (>=1.0.4 <=1.0.7) +1206 more potentially affected by CVE-2020-1920 via react-native (>=0.59.0 <=0.62.2)

react-native NPM version =0.59.0, =0.0.1, =1.0.4, =2.3.3, =2.0.1, =2.0.1758683737, =2.1.87, =1.0.1767254401, =1.3.0, =0.1.0, =0.1.0, =0.1.1, =0.1.3 and more Source cves: CVE-2020-1920 Source advisory: OSV:GHSA-7F53-FMMV-MFJV...

Regular expression denial of service in react-native

A regular expression denial of service ReDoS vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1...

CVE-2021-24037

A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...