Hermes

DATE	CVE	VULNERABILITY TITLE	RISK
2022-10-06	CVE-2022-27810	Uncontrolled Recursion vulnerability in Facebook Hermes It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. network low complexity facebook CWE-674	7.5
2022-01-15	CVE-2021-24044	Type Confusion vulnerability in Facebook Hermes By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. network low complexity facebook CWE-843 critical	9.8
2021-12-13	CVE-2021-24045	Type Confusion vulnerability in Facebook Hermes A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. network low complexity facebook CWE-843 critical	9.8
2021-06-15	CVE-2021-24037	Use After Free vulnerability in Facebook Hermes A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. network low complexity facebook CWE-416 critical	9.8
2021-02-02	CVE-2020-1896	Out-of-bounds Write vulnerability in Facebook Hermes A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2) allows attackers to potentially execute arbitrary code via crafted JavaScript. network low complexity facebook CWE-787 critical	9.8
2020-10-26	CVE-2020-1915	Out-of-bounds Read vulnerability in Facebook Hermes An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. network low complexity facebook CWE-125	7.5
2020-10-08	CVE-2020-1914	Always-Incorrect Control Flow Implementation vulnerability in Facebook Hermes A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. network low complexity facebook CWE-670 critical	9.8
2020-09-09	CVE-2020-1913	Incorrect Conversion between Numeric Types vulnerability in Facebook Hermes An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. network high complexity facebook CWE-681	8.1
2020-09-09	CVE-2020-1912	Out-of-bounds Write vulnerability in Facebook Hermes An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. network high complexity facebook CWE-787	8.1
2020-09-04	CVE-2020-1911	Type Confusion vulnerability in Facebook Hermes A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. network low complexity facebook CWE-843 critical	9.8