Vulnerability Description
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Facebook | Hermes | < 0.10.0 |
Related Weaknesses (CWE)
References
- https://github.com/facebook/hermes/commit/55e1b2343f4deb1a1b5726cfe1e23b2068217f (Patch, Third Party Advisory)
- https://www.facebook.com/security/advisories/cve-2021-24045 (Vendor Advisory)
FAQ
What is CVE-2021-24045?
CVE-2021-24045 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes per...
How severe is CVE-2021-24045?
CVE-2021-24045 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-24045?
Check the references section above for vendor advisories and patch information. Affected products include: Facebook Hermes.