Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0.
CVSS Information
N/A
Vulnerability Type
使用不兼容类型访问资源(类型混淆)
Vulnerability Title
Facebook Hermes 安全漏洞
Vulnerability Description
Facebook Hermes是美国Facebook公司的一个JavaScript引擎。该引擎针对React Native应用,去提高移动客户端应用App的性能,但是对浏览器 & Node.js 等服务端基础架构并不适用。 Facebook Hermes 中存在安全漏洞,该漏洞源于通过在非异步和非生成器 getter/setter 函数上调用 await 和 yield 的地方传递无效的 JavaScript 代码,Hermes 将调用生成器函数并在无效的 await/yield 位置上出错。由于类型混淆
CVSS Information
N/A
Vulnerability Type
N/A