CVE-2021-24045

Sažetak

A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.

Reference

https://www.facebook.com/security/advisories/cve-2021-24045
https://github.com/facebook/hermes/commit/55e1b2343f4deb1a1b5726cfe1e23b2068217ff2

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-12-2021 - 21:49

Objavljeno

13-12-2021 - 21:15