EPSS Percentile: 50.5%
hermes-engine is vulnerable to Use-After-Free. When Hermes allows execution of untrusted JavaScript, an attacker is able to leak raw data from Hermes VM’s heap due to a use-after-free in BigIntPrimitive addition.
github.com/facebook/hermes/commit/a6dcafe6ded8e61658b40f5699878cd19a481f80
github.com/facebook/hermes/pull/908
www.facebook.com/security/advisories/cve-2023-24833