EPSS Percentile: 69.9%
hermes-engine is vulnerable to arbitrary code execution. The vulnerability is due to the SmallVectorBase::grow_pod function's handling of large arrays, which allows an attacker to potentially execute arbitrary code via malicious JavaScript.
SmallVectorBase::grow_pod
github.com/facebook/hermes/commit/06eaec767e376bfdb883d912cb15e987ddf2bda1
github.com/facebook/hermes/pull/772
www.facebook.com/security/advisories/CVE-2022-32234