hermes-engine is vulnerable to arbitrary code execution. The vulnerability exists due to a write-what-where condition caused by an integer overflow in growAndRehash
function of CodeBlock.h
which allows an attacker to potentially execute arbitrary code via crafted javascript.
CPE | Name | Operator | Version |
---|---|---|---|
hermes-engine | le | 0.11.0 | |
hermes-engine | le | 0.11.0 |