hermes-engine is vulnerable to Use-After-Free. When Hermes allows execution of untrusted JavaScript, an attacker is able to execute arbitrary code on the target system via a carefully crafted malicious payload, which is made possible due to a bytecode optimization bug, that results in use-after-free.
CPE | Name | Operator | Version |
---|---|---|---|
hermes-engine | le | 0.11.0 | |
hermes-engine | le | 0.11.0 | |
hermes-engine | le | 0.11.0 | |
hermes-engine | le | 0.11.0 |