AI Score
Confidence
High
EPSS
Percentile
47.0%
hermes-engine is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause a null pointer dereference when the EnableHermesInternal config option was set to true, causing the application to crash.
EnableHermesInternal config
github.com/advisories/GHSA-5jqp-fwpp-hvwv
github.com/facebook/hermes/commit/5cae9f72975cf0e5a62b27fdd8b01f103e198708
www.facebook.com/security/advisories/cve-2023-24832