CVE-2020-1915
First published: Mon Oct 26 2020(Updated: )
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook Hermes | <2020-09-25 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-1915?
CVE-2020-1915 is an out-of-bounds read vulnerability in the JavaScript Interpreter in Facebook Hermes.
What is the severity of CVE-2020-1915?
The severity of CVE-2020-1915 is high with a CVSS score of 7.5.
How does CVE-2020-1915 impact the affected software?
CVE-2020-1915 can cause a denial of service attack or possible further memory corruption in applications using Facebook Hermes prior to September 25, 2020.
How can CVE-2020-1915 be exploited?
CVE-2020-1915 can be exploited by attackers through crafted JavaScript.
How can I fix CVE-2020-1915?
To fix CVE-2020-1915, it is recommended to update to the latest version of Facebook Hermes.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/facebook
- canonical/facebook hermes