High severityNVD Advisory· Published Oct 26, 2020· Updated Aug 4, 2024
CVE-2020-1915
CVE-2020-1915
Description
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
hermes-enginenpm | < 0.7.2 | 0.7.2 |
Affected products
2- Facebook/Hermesv5Range: commit prior to 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-x4cf-6jr3-3qvpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-1915ghsaADVISORY
- github.com/facebook/hermes/commit/8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0ghsax_refsource_CONFIRMWEB
- github.com/facebook/hermes/issues/373ghsaWEB
- www.facebook.com/security/advisories/cve-2020-1915ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.