4877 matches found
CVE-2023-23556
An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted...
CVE-2023-23556
CVE-2023-23556 affects the Facebook Hermes JavaScript engine. A bug in BigInt conversion to Number exists in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80, allowing a malicious actor to execute arbitrary code via an out-of-bounds write when untrusted JavaScript is executed. The ...
CVE-2023-23556
An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted...
Facebook Hermes 安全漏洞
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client apps, but is not applicable to server-side infrastructures such as browsers & Node.js. Facebook Hermes...
PT-2023-22710 · Hermes · Hermes
Name of the Vulnerable Software and Affected Versions: Hermes versions prior to commit da8990f737ebb9d9810633502f65ed462b819c09 Description: A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled could have been used by an attacker to achieve remot...
PT-2023-21541 · Hermes · Hermes
Name of the Vulnerable Software and Affected Versions: Hermes versions prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 Description: A bytecode optimization bug could be used to cause a use-after-free and obtain arbitrary code execution via a carefully crafted payload. This is only...
PT-2023-19037 · Facebook · Hermes
Name of the Vulnerable Software and Affected Versions: Hermes versions prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 Description: An error in BigInt conversion to Number in Hermes could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. This...
Facebook Hermes 安全漏洞
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browser & Node.js. Facebook Hermes has a security...
Facebook Hermes 资源管理错误漏洞
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. Facebook Hermes suffers from a...
Facebook Hermes 代码问题漏洞
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. Facebook Hermes has a security...
Facebook Hermes 资源管理错误漏洞
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. Facebook Hermes has a security...
Facebook Hermes 资源管理错误漏洞
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. A security vulnerability exists in...
Malicious code in hyrule-react-commons (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3b82bec5139c178e3b425e5e458a9c7b248b17db5192cf6178702cbb26822dba The OpenSSF Package Analysis project identified 'hyrule-react-commons' @ 2.0.1 npm as malicious. It is considered malicious because: - The packa...
MAL-2023-1204 Malicious code in hyrule-react-commons (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3b82bec5139c178e3b425e5e458a9c7b248b17db5192cf6178702cbb26822dba The OpenSSF Package Analysis project identified 'hyrule-react-commons' @ 2.0.1 npm as malicious. It is considered malicious because: - The packa...
MAL-2023-319 Malicious code in experimental-entrevista-react-01 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c994de6d5887278ea6db782133b3a5d4d6be0526117b52ed13889bdf94b4537 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in experimental-entrevista-react-01 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5c994de6d5887278ea6db782133b3a5d4d6be0526117b52ed13889bdf94b4537 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-92 Malicious code in anf-core-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d2ebe249c8950dc0c80ca568e821fa11d3759cb87a76ff9e5813bcc3d5ab938b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in anf-core-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d2ebe249c8950dc0c80ca568e821fa11d3759cb87a76ff9e5813bcc3d5ab938b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-onei (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 837ceaa824fe4087f1b965f397072bb8bec0a54c59997c5b9a422ba7a7ca1734 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-730 Malicious code in react-onei (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 837ceaa824fe4087f1b965f397072bb8bec0a54c59997c5b9a422ba7a7ca1734 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...