What is CVE-2020-1911?

CVE-2020-1911 is a vulnerability in Facebook Hermes, classified under Access of Resource Using Incompatible Type (Type Confusion). Published 2020-09-04.

Is CVE-2020-1911 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Facebook Hermes

CVE-2020-1911

A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbi…

EPSS: 0.010 (77.5th percentile) — read the EPSS interpretation.

Affected products

Facebook Hermes — versions commit prior to fe52854cdf6725c2eaa9e125995da76e6ceb27da

Weakness classification (CWE)

CWE-843 — Access of Resource Using Incompatible Type (Type Confusion)

Public proof-of-concept exploits

404notf0und/CVE-Flow

References

www.facebook.com/security/advisories/cve-2020-1911 (x_refsource_CONFIRM)
github.com/facebook/hermes/commit/fe52854cdf6725c2eaa9e125995da76e6ceb27da (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-1911?: CVE-2020-1911 is a vulnerability in Facebook Hermes, classified under Access of Resource Using Incompatible Type (Type Confusion). Published 2020-09-04.
Is CVE-2020-1911 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.