A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
References
Link | Resource |
---|---|
https://github.com/facebook/hermes/commit/55e1b2343f4deb1a1b5726cfe1e23b2068217ff2 | Patch Third Party Advisory |
https://www.facebook.com/security/advisories/cve-2021-24045 | Vendor Advisory |
https://github.com/facebook/hermes/commit/55e1b2343f4deb1a1b5726cfe1e23b2068217ff2 | Patch Third Party Advisory |
https://www.facebook.com/security/advisories/cve-2021-24045 | Vendor Advisory |
Configurations
History
21 Nov 2024, 05:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/facebook/hermes/commit/55e1b2343f4deb1a1b5726cfe1e23b2068217ff2 - Patch, Third Party Advisory | |
References | () https://www.facebook.com/security/advisories/cve-2021-24045 - Vendor Advisory |
Information
Published : 2021-12-13 21:15
Updated : 2024-11-21 05:52
NVD link : CVE-2021-24045
Mitre link : CVE-2021-24045
CVE.ORG link : CVE-2021-24045
JSON object : View
Products Affected
- hermes
CWE
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')