CVE-2023-23557

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-23557

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23557.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-23557

Published

2023-05-18T22:15:09.540Z

Modified

2026-03-11T15:01:38.609282Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

References

Affected packages

Git /

Affected ranges

Type
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

a00d237346894c6067a594983be6634f4168c9ad

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "2023-01-10"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23557.json"