CVE-2020-1913
8.1HIGHAn Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potentia
Опубликовано: 9/9/2020Обновлено: 11/21/2024
Описание
An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
ИИ-АнализНа базе ИИ
Затронутые продукты
facebookhermes
Ссылки
- https://github.com/facebook/hermes/commit/2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6PatchThird Party Advisory
- https://www.facebook.com/security/advisories/cve-2020-1913Vendor Advisory
- https://github.com/facebook/hermes/commit/2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6PatchThird Party Advisory
- https://www.facebook.com/security/advisories/cve-2020-1913Vendor Advisory