Known vulnerabilities in the hermes-engine package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
hermes-engine is a JavaScript engine optimized for running React Native on Android. Affected versions of this package are vulnerable to Denial of Service (DoS) by passing invalid JavaScript code where How to fix Denial of Service (DoS)? Upgrade | <0.10.0 |
hermes-engine is a JavaScript engine optimized for running React Native on Android. Affected versions of this package are vulnerable to Out-of-Bounds. An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit How to fix Out-of-Bounds? Upgrade | <0.8.0 |
hermes-engine is a JavaScript engine optimized for running React Native on Android. Affected versions of this package are vulnerable to Use After Free. While emitting certain error messages, attackers could potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. How to fix Use After Free? Upgrade | <0.7.0 |
hermes-engine is a JavaScript engine optimized for running React Native on Android. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A logic vulnerability when handling the How to fix Cross-site Scripting (XSS)? Upgrade | <0.7.2 |
hermes-engine is a JavaScript engine optimized for running React Native on Android. Affected versions of this package are vulnerable to Denial of Service (DoS). An integer signedness error in the JavaScript Interpreter allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. How to fix Denial of Service (DoS)? Upgrade | <0.7.0 |
hermes-engine is a JavaScript engine optimized for running React Native on Android. Affected versions of this package are vulnerable to Out-of-Bounds. An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. How to fix Out-of-Bounds? Upgrade | <0.7.0 |
hermes-engine is a JavaScript engine optimized for running React Native on Android. Affected versions of this package are vulnerable to Prototype Pollution via How to fix Prototype Pollution? Upgrade | <0.7.0 |