Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
CVSS Information
N/A
Vulnerability Type
使用不兼容类型访问资源(类型混淆)
Vulnerability Title
Facebook Hermes 安全漏洞
Vulnerability Description
Facebook Hermes是美国Facebook公司的一个JavaScript引擎。该引擎针对React Native应用,去提高移动客户端应用App的性能,但是对浏览器 & Node.js 等服务端基础架构并不适用。 Facebook Hermes 0.10.0之前版本存在安全漏洞,该漏洞源于在Facebook Hermes中解析一元操作符“typeof”时可能会触发类型混淆漏洞。
CVSS Information
N/A
Vulnerability Type
N/A