CVE-2021-24037 Information
Jun 07, 2022
cve
Description
A use after free in hermes while emitting certain error messages prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence most React Native applications are not affected.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://www.facebook.com/security/advisories/CVE-2021-24037 https://github.com/facebook/hermes/commit/d86e185e485b6330216dee8e854455c694e3a36e
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: