{"containers": {"cna": {"affected": [{"product": "Hermes", "vendor": "Facebook", "versions": [{"status": "affected", "version": "commit prior to 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0"}]}], "dateAssigned": "2020-10-26T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-26T20:20:13.000Z", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.facebook.com/security/advisories/cve-2020-1915"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/facebook/hermes/commit/8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2020-10-26", "ID": "CVE-2020-1915", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Hermes", "version": {"version_data": [{"version_value": "commit prior to 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0"}]}}]}, "vendor_name": "Facebook"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-125: Out-of-bounds Read"}]}]}, "references": {"reference_data": [{"name": "https://www.facebook.com/security/advisories/cve-2020-1915", "refsource": "CONFIRM", "url": "https://www.facebook.com/security/advisories/cve-2020-1915"}, {"name": "https://github.com/facebook/hermes/commit/8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0", "refsource": "CONFIRM", "url": "https://github.com/facebook/hermes/commit/8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:53:59.849Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.facebook.com/security/advisories/cve-2020-1915"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/facebook/hermes/commit/8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0"}]}]}, "cveMetadata": {"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2020-1915", "datePublished": "2020-10-26T20:20:13.000Z", "dateReserved": "2019-12-02T00:00:00.000Z", "dateUpdated": "2024-08-04T06:53:59.849Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*", "matchCriteriaId": "77CAD963-CD06-4E04-89C0-86B1EEB63268", "versionEndExcluding": "2020-09-25", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected."}, {"lang": "es", "value": "Una lectura fuera de l\u00edmites en el int\u00e9rprete de JavaScript en Facebook Hermes anterior al commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0, permite a atacantes causar un ataque de denegaci\u00f3n de servicio o una posible corrupci\u00f3n adicional de la memoria por medio de un JavaScript dise\u00f1ado. Tome en cuenta que esto solo puede ser aprovechado si la aplicaci\u00f3n que usa Hermes permite la evaluaci\u00f3n de un JavaScript que no es confiable. Por consiguiente, la mayor\u00eda de las aplicaciones React Native no est\u00e1n afectadas"}], "id": "CVE-2020-1915", "lastModified": "2024-11-21T05:11:36.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-26T21:15:12.193", "references": [{"source": "cve-assign@fb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/facebook/hermes/commit/8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0"}, {"source": "cve-assign@fb.com", "tags": ["Vendor Advisory"], "url": "https://www.facebook.com/security/advisories/cve-2020-1915"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/facebook/hermes/commit/8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.facebook.com/security/advisories/cve-2020-1915"}], "sourceIdentifier": "cve-assign@fb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "cve-assign@fb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}