Vulnerabilities > Facebook > Hermes > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-13 | CVE-2021-24045 | Type Confusion vulnerability in Facebook Hermes A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. | 6.8 |
| 2021-02-02 | CVE-2020-1896 | Out-of-bounds Write vulnerability in Facebook Hermes A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2) allows attackers to potentially execute arbitrary code via crafted JavaScript. | 6.8 |
| 2020-10-26 | CVE-2020-1915 | Out-of-bounds Read vulnerability in Facebook Hermes An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. | 4.3 |
| 2020-09-09 | CVE-2020-1913 | Incorrect Conversion between Numeric Types vulnerability in Facebook Hermes An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. | 6.8 |
| 2020-09-04 | CVE-2020-1911 | Type Confusion vulnerability in Facebook Hermes A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. | 6.8 |