CVE-2020-1913
First published: Wed Sep 09 2020(Updated: )
An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook Hermes | <=0.4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-1913.
What is the severity level of CVE-2020-1913?
The severity level of CVE-2020-1913 is high with a CVSS score of 8.1.
What is the affected software?
The affected software is Facebook Hermes up to version 0.4.3.
How can this vulnerability be exploited?
This vulnerability can be exploited by attackers to cause a denial of service attack or a potential remote code execution by using crafted JavaScript.
Is there a fix available for CVE-2020-1913?
Yes, a fix is available for CVE-2020-1913. It can be found in the commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 on the Facebook Hermes repository.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/facebook
- canonical/facebook hermes
- version/facebook hermes/0.4.3