CVE-2021-24044
CVE-2021-24044
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 1.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
15 ene 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0.
Productos afectados
Facebook · Hermes¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →