CVE-2020-1914
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
Una vulnerabilidad lógica al manejar la instrucción SaveGeneratorLong en Facebook Hermes antes del commit b2021df620824627f5a8c96615edbd1eb7fdddfc, permite a atacantes leer potencialmente fuera de límites o, teóricamente, ejecutar código arbitrario por medio de JavaScript diseñado. Tome en cuenta que esto solo es explotable si la aplicación que utiliza Hermes permite una evaluación de un JavaScript que no es confiable. Por lo tanto, la mayoría de las aplicaciones React Native no están afectadas
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-02 CVE Reserved
- 2020-10-08 CVE Published
- 2024-02-26 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-670: Always-Incorrect Control Flow Implementation
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/facebook/hermes/commit/b2021df620824627f5a8c96615edbd1eb7fdddfc | 2023-11-07 |
URL | Date | SRC |
---|---|---|
https://www.facebook.com/security/advisories/cve-2020-1914 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Facebook Search vendor "Facebook" | Hermes Search vendor "Facebook" for product "Hermes" | < 2020-10-01 Search vendor "Facebook" for product "Hermes" and version " < 2020-10-01" | - |
Affected
|