CVE-2022-27810

EPSS 0.7%CWE-674

It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode (when asserts were enabled). This issue affects Hermes versions prior to v0.12.0.

Affected products

Facebook · Hermes

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.facebook.com/security/advisories/cve-2022-27810