Vulnerabilities > Facebook

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-06-15 | CVE-2021-24037 | Use After Free vulnerability in Facebook Hermes | A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. | network | low | facebook | CWE-416 | critical 9.8 |
| 2021-06-01 | CVE-2020-1920 | Incorrect Comparison vulnerability in Facebook React-Native | A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. | network | low | facebook | CWE-697 | 7.5 |
| 2021-04-14 | CVE-2021-24028 | Release of Invalid Pointer or Reference vulnerability in Facebook Thrift | An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. | network | low | facebook | CWE-763 | critical 9.8 |
| 2021-04-12 | CVE-2021-24218 | Cross-Site Request Forgery (CSRF) vulnerability in Facebook | The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. | network | low | facebook | CWE-352 | 8.8 |
| 2021-04-12 | CVE-2021-24217 | Deserialization of Untrusted Data vulnerability in Facebook | The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. | network | high | facebook | CWE-502 | 8.1 |
| 2021-03-15 | CVE-2021-24029 | Reachable Assertion vulnerability in Facebook Proxygen | A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. | network | low | facebook | CWE-617 | 7.5 |
| 2021-03-11 | CVE-2020-1900 | Use After Free vulnerability in Facebook Hhvm | When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. | network | low | facebook | CWE-416 | critical 9.8 |
| 2021-03-11 | CVE-2020-1899 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Hhvm | The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. | network | low | facebook | CWE-119 | 7.5 |
| 2021-03-11 | CVE-2020-1898 | Uncontrolled Recursion vulnerability in Facebook Hhvm | The fb_unserialize function did not impose a depth limit for nested deserialization. | network | low | facebook | CWE-674 | 7.5 |
| 2021-03-10 | CVE-2021-24030 | Argument Injection or Modification vulnerability in Facebook Gameroom | The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. | network | low | facebook | CWE-88 | critical 9.8 |