Type Confusion Vulnerability in Facebook Hermes (prior to v0.10.0)

Type Confusion Vulnerability in Facebook Hermes (prior to v0.10.0)

CVE-2021-24045 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.

Learn more about our Web Application Penetration Testing UK.