hermes-engine (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package hermes-engine, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2020-1914 — CVSS 9.8 (critical): A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7f…
CVE-2020-1911 — CVSS 9.8 (critical): A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes…
CVE-2021-24037 — CVSS 9.8 (critical): A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows…
CVE-2021-24044 — CVSS 9.8 (critical): By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would…
CVE-2020-1912 — CVSS 8.1 (high): An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit…
CVE-2020-1913 — CVSS 8.1 (high): An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6…
CVE-2020-1915 — CVSS 7.5 (high): An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows…