hermes-engine is vulnerable to Use-After-Free. When Hermes allows execution of untrusted JavaScript, an attacker is able to leak raw data from Hermes VM’s heap due to a use-after-free in BigIntPrimitive
addition.
CPE | Name | Operator | Version |
---|---|---|---|
hermes-engine | le | 0.11.0 | |
hermes-engine | le | 0.11.0 | |
hermes-engine | le | 0.11.0 | |
hermes-engine | le | 0.11.0 |