689 matches found
CVE-2020-1913
An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes...
CVE-2020-1912
An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the...
CVE-2020-1912
An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the...
Integer overflow
An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes...
Design/Logic Flaw
An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the...
CVE-2020-1913
An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes...
CVE-2020-1912
An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the...
CVE-2020-1911
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...
CVE-2020-1911
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...
Type confusion
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...
CVE-2020-1911
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...
react-native-fast-image information disclosure vulnerability
react-native-fast-image is an image loading and processing package by Canadian software developer Dylan Vann. An information disclosure vulnerability exists in react-native-fast-image, which can be exploited by an attacker to cause signature credentials or other session tokens to be disclosed to...
CVE-2020-7696
This affects all versions of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to...
CVE-2020-7696
This affects all versions of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to...
Authorization
This affects all versions of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to...
CVE-2020-7696
The CVE-2020-7696 entry affects all versions of react-native-fast-image. When an image is loaded with headers that include sensitive data (e.g., host and authorization in the request headers), subsequent images reuse those headers, causing potential leakage of signing credentials or session token...
CVE-2020-7696 Information Exposure
This affects all versions of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to...
@applicaster/zapp-react-native-fast-image (>=1.0.0 <=1.1.0-beta.0), @momo-platform/component-kits (=1.1.74) +5 more potentially affected by CVE-2020-7696 via react-native-fast-image (>=8.1.2 <=8.2.0)
react-native-fast-image NPM version =8.1.2, =1.0.0, =0.0.1, =0.1.0, =1.2.23 Source cves: CVE-2020-7696 Source advisory: SNYK:JS-REACTNATIVEFASTIMAGE-572228...
Information Exposure
Overview react-native-fast-image is a FastImage, performant React Native image component. Affected versions of this package are vulnerable to Information Exposure. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will...
@acaciomartins/react-native-simpletable (>=0.0.1 <=0.0.2), @alan-ai/alan-sdk-react-native (>=1.0.4 <=1.0.7) +795 more potentially affected by CVE-2020-8149 via logkitty (>=0.4.2 <=0.6.1)
logkitty NPM version =0.4.2, =0.0.1, =1.0.4, =2.3.3, =2.0.1, =2.0.1758683737, =2.1.87, =1.0.1767254401, =1.3.0, =1.0.1, =1.0.2, =1.1.0 and more Source cves: CVE-2020-8149 Source advisory: OSV:GHSA-V8V8-6859-QXM4...