CVE-2022-27810

{"id": "CVE-2022-27810", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-10-06T20:15:17.340", "references": [{"url": "https://www.facebook.com/security/advisories/cve-2022-27810", "tags": ["Third Party Advisory"], "source": "cve-assign@fb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-674"}]}, {"type": "Secondary", "source": "cve-assign@fb.com", "description": [{"lang": "en", "value": "CWE-674"}]}], "descriptions": [{"lang": "en", "value": "It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode (when asserts were enabled). This issue affects Hermes versions prior to v0.12.0."}, {"lang": "es", "value": "Era posible desencadenar una condici\u00f3n de recursi\u00f3n infinita en el administrador de errores cuando Hermes ejecutaba un JavaScript espec\u00edfico formado de forma maliciosa. Esta condici\u00f3n s\u00f3lo era posible en el modo de desarrollo (cuando las afirmaciones estaban habilitadas). Este problema afecta a Hermes versiones anteriores a v0.12.0"}], "lastModified": "2022-10-11T17:58:08.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD57D241-3E0D-490F-B160-C3E8FDD0BCBE", "versionEndExcluding": "0.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve-assign@fb.com"}