Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
facebook react-native vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-24045
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native appl...
Facebook Hermes
9.8
CVSSv3
CVE-2021-24037
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows malicious users to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes perm...
Facebook Hermes
7.5
CVSSv3
CVE-2020-1920
A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.
Facebook React-native
1 Github repository
9.8
CVSSv3
CVE-2020-1896
A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2) allows malicious users to potentially execute arbitrary code v...
Facebook Hermes
7.5
CVSSv3
CVE-2020-1915
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows malicious users to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploita...
Facebook Hermes
9.8
CVSSv3
CVE-2020-1914
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows malicious users to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that thi...
Facebook Hermes
8.1
CVSSv3
CVE-2020-1912
An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows malicious users to potentially execute arbitrary code via crafted JavaScript. Note that this is on...
Facebook Hermes
8.1
CVSSv3
CVE-2020-1913
An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows malicious users to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the ap...
Facebook Hermes
9.8
CVSSv3
CVE-2020-1911
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows malicious users to potentially execute arbitrary code via crafted JavaScript. ...
Facebook Hermes
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2