Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zMjdjLXF4M3YtaDY3M84AAmKw
Always-Incorrect Control Flow Implementation in Facebook Hermes
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
Permalink: https://github.com/advisories/GHSA-327c-qx3v-h673JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zMjdjLXF4M3YtaDY3M84AAmKw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-327c-qx3v-h673, CVE-2020-1914
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-1914
- https://github.com/facebook/hermes/commit/b2021df620824627f5a8c96615edbd1eb7fdddfc
- https://www.facebook.com/security/advisories/cve-2020-1914
- https://github.com/facebook/hermes/issues/373
- https://github.com/advisories/GHSA-327c-qx3v-h673
Blast Radius: 52.3
Affected Packages
npm:hermes-engine
Dependent packages: 197Dependent repositories: 214,711
Downloads: 1,718,480 last month
Affected Version Ranges: <= 0.7.1
Fixed in: 0.7.2
All affected versions: 0.0.0, 0.1.0, 0.1.1, 0.2.1, 0.3.0, 0.4.0, 0.4.1, 0.4.3, 0.5.0, 0.5.1, 0.6.0, 0.7.0, 0.7.1
All unaffected versions: 0.7.2, 0.8.0, 0.8.1, 0.9.0, 0.10.0, 0.11.0