Stack Overflow Vulnerability in Facebook Hermes Affecting JavaScript Execution
CVE-2020-1896
9.8 CRITICAL
What is CVE-2020-1896?
A stack overflow vulnerability exists in Facebook's Hermes JavaScript engine, specifically within the 'builtin apply' function. This flaw potentially allows attackers to execute arbitrary code through specially crafted JavaScript. However, exploitation requires that the application using Hermes allow evaluation of untrusted JavaScript, which means that most React Native applications are not vulnerable. Affected versions should be updated to the latest commit for mitigation.
Affected Version(s)
Hermes commits prior to 86543ac47e59c522976b5632b8bf9a2a4583c7d2