Bytecode Optimization Bug in Hermes Affecting React Native Applications
CVE-2023-28081
9.8CRITICAL
What is CVE-2023-28081?
A vulnerability exists in Hermes, an open-source JavaScript engine, that stems from a bytecode optimization flaw. This issue could be exploited to trigger a use-after-free condition, potentially allowing an attacker to execute arbitrary code through a carefully crafted payload. However, this vulnerability presents risks primarily in environments where untrusted JavaScript is executed. Therefore, most React Native applications, which do not typically execute untrusted scripts, may remain unaffected. Taking proactive measures is essential for developers to secure their applications against such vulnerabilities.
Affected Version(s)
Hermes 0