CVE-2021-24044

By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0.
References
Configurations

Configuration 1

cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*

Information

Published : 2022-01-15 01:15

Updated : 2022-01-24 07:53


NVD link : CVE-2021-24044

Mitre link : CVE-2021-24044

Products Affected
No products.
CWE