CVE-2021-24045
First published: Mon Dec 13 2021(Updated: )
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook Hermes | <0.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-24045?
CVE-2021-24045 is a type confusion vulnerability in Facebook Hermes prior to v0.10.0.
How severe is CVE-2021-24045?
CVE-2021-24045 has a severity rating of 9.8 (critical).
How can CVE-2021-24045 be exploited?
CVE-2021-24045 can be exploited if the application using Hermes permits evaluation of untrusted JavaScript.
Is Facebook Hermes affected by CVE-2021-24045?
Yes, Facebook Hermes versions prior to v0.10.0 are affected by CVE-2021-24045.
Where can I find more information about CVE-2021-24045?
You can find more information about CVE-2021-24045 at the following references: [link1](https://github.com/facebook/hermes/commit/55e1b2343f4deb1a1b5726cfe1e23b2068217ff2), [link2](https://www.facebook.com/security/advisories/cve-2021-24045).
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- vendor/facebook
- canonical/facebook hermes