CVE-2021-24044 – By passing invalid javascript code where await and yield were called upon non-async and no …

Vuln ID: CVE-2021-24044

Published:  2022-01-15  01:15:07Z

Description: By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0.

Source: NVD.NIST.GOV