Type Confusion Vulnerability in Hermes by Facebook
CVE-2021-24044
9.8CRITICAL
What is CVE-2021-24044?
Hermes, a JavaScript engine developed by Facebook, is vulnerable to a type confusion issue due to improper handling of JavaScript code involving 'await' and 'yield' on non-async and non-generator getter/setter functions. When incorrect JavaScript is passed, this could lead to the invocation of generator functions, resulting in a segmentation fault caused by type confusion errors. Affected versions of Hermes include all versions prior to v0.10.0, highlighting the importance of upgrading to prevent potential security risks.
Affected Version(s)
Hermes < 0.10.0
Hermes 0.10.0