Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
CVSS Information
N/A
Vulnerability Type
跨界内存写
Vulnerability Title
Facebook Hermes 缓冲区错误漏洞
Vulnerability Description
Facebook Hermes是美国Facebook公司的一个JavaScript引擎。该引擎针对React Native应用,去提高移动客户端应用App的性能,但是对浏览器 & Node.js 等服务端基础架构并不适用。 Facebook Hermes 存在缓冲区错误漏洞,该漏洞源于在处理大型数组时发生越界写入。攻击者利用该漏洞通过特制的JavaScript执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A