CVE-2020-1911
First published: Fri Sep 04 2020(Updated: )
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook Hermes | <0.4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-1911?
CVE-2020-1911 is a type confusion vulnerability in Facebook Hermes, which allows attackers to potentially execute arbitrary code.
What is the severity of CVE-2020-1911?
The severity of CVE-2020-1911 is critical.
How does CVE-2020-1911 work?
CVE-2020-1911 works by resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes.
Is there a fix for CVE-2020-1911?
Yes, the fix for CVE-2020-1911 is available in the commit fe52854cdf6725c2eaa9e125995da76e6ceb27da of Facebook Hermes.
Where can I find more information about CVE-2020-1911?
More information about CVE-2020-1911 can be found in the following references: [GitHub Commit](https://github.com/facebook/hermes/commit/fe52854cdf6725c2eaa9e125995da76e6ceb27da) and [Facebook Security Advisories](https://www.facebook.com/security/advisories/cve-2020-1911).
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/references
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/facebook
- canonical/facebook hermes