CVE-2020-1915 — Vulnetix

CVE-2020-1915 PUBLISHED CVSS 4.300000190734863 MEDIUM

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.

EPSS 1.09% · 78.2th percentile

Risk Scores

CVSS v2.0

4.300000190734863

EPSS Score

1.09%

78.2th percentile

Affected Products

Vendor	Product	Versions
facebook	hermes	0
npm	hermes-engine	0
Facebook	Hermes	*

Timeline

Oct 26, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 27, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 2, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Nov 5, 2022 EPSS Score

References

https://www.facebook.com/security/advisories/cve-2020-1915 url
https://github.com/facebook/hermes/commit/8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 url
https://nvd.nist.gov/vuln/detail/CVE-2020-1915 advisory
https://github.com/facebook/hermes/issues/373 url
https://github.com/facebook/hermes package

Open in Interactive Console →