hermes-engine is vulnerable to Use-After-Free. When Hermes allows execution of untrusted JavaScript, an attacker is able to cause remote code execution due to a use-after-free bug, which is possible as a result of unsound inference in the bytecode generation when optimizations are enabled.