Type Confusion Vulnerability in Facebook Hermes JavaScript Engine
CVE-2020-1911
9.8CRITICAL
What is CVE-2020-1911?
A type confusion vulnerability exists in the Facebook Hermes JavaScript engine, specifically affecting its ability to properly resolve properties of JavaScript objects with specially-crafted prototype chains. This flaw allows attackers to potentially execute arbitrary code if the application that integrates Hermes permits the evaluation of untrusted JavaScript. It is crucial to note that most React Native applications that use Hermes are not affected due to their default security practices.
Affected Version(s)
Hermes commit prior to fe52854cdf6725c2eaa9e125995da76e6ceb27da