Vulnerability in Facebook Hermes

CVE-2021-24044

By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in seg…

EPSS: 0.005 (66.5th percentile) — read the EPSS interpretation.

Affected products

Facebook Hermes — versions 0.10.0, unspecified

Weakness classification (CWE)

CWE-843 — Access of Resource Using Incompatible Type (Type Confusion)

References

www.facebook.com/security/advisories/cve-2021-24044 (x_refsource_CONFIRM)