Back to search
CVE-2021-24044
Published: Jan 15, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0.
| Vendor | Product | Versions |
|---|---|---|
Hermes | unaffected 0.10.0 - < unspecifiedaffected unspecified - < 0.10.0 |
Weaknesses (CWE)
References
https://www.facebook.com/security/advisories/cve-2021-24044
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now