Vulnerabilities > Facebook > Hermes > 0.7.0

DATE CVE VULNERABILITY TITLE RISK
2021-06-15 CVE-2021-24037 Use After Free vulnerability in Facebook Hermes
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript.
network
low complexity
facebook CWE-416
critical
9.8
2020-10-26 CVE-2020-1915 Out-of-bounds Read vulnerability in Facebook Hermes
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript.
network
low complexity
facebook CWE-125
7.5
2020-10-08 CVE-2020-1914 Always-Incorrect Control Flow Implementation vulnerability in Facebook Hermes
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript.
network
low complexity
facebook CWE-670
critical
9.8