Type Confusion Vulnerability in Facebook Hermes JavaScript Engine
CVE-2021-24045
9.8CRITICAL
What is CVE-2021-24045?
A type confusion vulnerability exists in the Facebook Hermes JavaScript engine that can be triggered by resolving the 'typeof' unary operator. This vulnerability is particularly concerning when an application utilizing Hermes allows for the evaluation of untrusted JavaScript. However, it is important to note that most React Native applications are not vulnerable as they do not typically permit such evaluations. The issue is fixed in Hermes version 0.10.0, mitigating the risks associated with this vulnerability.
Affected Version(s)
Hermes < 0.10.0
Hermes 0.10.0