{"id":"CVE-2020-1912","details":"An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.","aliases":["GHSA-pf27-929j-9pmm"],"modified":"2026-04-11T16:25:26.676441Z","published":"2020-09-09T19:15:20.850Z","references":[{"type":"ADVISORY","url":"https://www.facebook.com/security/advisories/cve-2020-1912"},{"type":"FIX","url":"https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/facebook/hermes","events":[{"introduced":"0"},{"last_affected":"c5418d45dcd384e288aecb9db5e67c66cd3267ee"},{"fixed":"091835377369c8fd5917d9b87acffa721ad2a168"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.4.3"}]}}],"versions":["v0.1.0","v0.1.1","v0.2.1","v0.3.0","v0.4.0","v0.4.1","v0.4.3","v0.5.0","v0.6.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1912.json","vanir_signatures":[{"source":"https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168","signature_version":"v1","id":"CVE-2020-1912-1a248a41","deprecated":false,"digest":{"length":1127,"function_hash":"166117337606691127376896012638914962402"},"signature_type":"Function","target":{"function":"ESTreeIRGen::doLazyFunction","file":"lib/IRGen/ESTreeIRGen.cpp"}},{"source":"https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168","signature_version":"v1","id":"CVE-2020-1912-23e65117","deprecated":false,"digest":{"length":3223,"function_hash":"141433903422062908392870224668616591625"},"signature_type":"Function","target":{"function":"BytecodeModuleGenerator::generate","file":"lib/BCGen/HBC/BytecodeGenerator.cpp"}},{"source":"https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168","signature_version":"v1","id":"CVE-2020-1912-4ec2a93e","deprecated":false,"digest":{"line_hashes":["68947359869273260695952235856958639047","310262731518963030849177473901907694982","43655176662467176673572812232337830164","251975857109927295130916986511114831995","267392027748459512215805486003428925381","14869591982245817008383418568817739486","25011000255393205312587106221272530406","76617029384894588801177634287181038274","302810129154842953319122505398617295679","290781533802588139012893337737251953884","309741251300914982749835247732214238943","304745648669413726604737901917541719575","197290495346865817946198223729531450493","164628642321663572232346492589147618151"],"threshold":0.9},"signature_type":"Line","target":{"file":"lib/IRGen/ESTreeIRGen-func.cpp"}},{"source":"https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168","signature_version":"v1","id":"CVE-2020-1912-6fcf5aaf","deprecated":false,"digest":{"line_hashes":["118449173113696205520853759435422956610","232680986558581044059541722654142378307","336810655257276162490605970511824891267"],"threshold":0.9},"signature_type":"Line","target":{"file":"include/hermes/IRGen/IRGen.h"}},{"source":"https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168","signature_version":"v1","id":"CVE-2020-1912-93509744","deprecated":false,"digest":{"line_hashes":["19906978767362067285113684163218152133","175595626256065738182228936290520385548","12935631989303753987380467402787289329","148815064741235597976782175301514007803"],"threshold":0.9},"signature_type":"Line","target":{"file":"lib/IRGen/ESTreeIRGen.cpp"}},{"source":"https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168","signature_version":"v1","id":"CVE-2020-1912-a6c1d01d","deprecated":false,"digest":{"length":2298,"function_hash":"15381551074468224391172303248986894624"},"signature_type":"Function","target":{"function":"ESTreeIRGen::genES5Function","file":"lib/IRGen/ESTreeIRGen-func.cpp"}},{"source":"https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168","signature_version":"v1","id":"CVE-2020-1912-c538ddc8","deprecated":false,"digest":{"line_hashes":["10876135637255643184975339061925308991","322220919901056191015063488949676221856","303417822709648059539571908123264092948","203289460270659300369657686157979660466"],"threshold":0.9},"signature_type":"Line","target":{"file":"include/hermes/IR/IR.h"}},{"source":"https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168","signature_version":"v1","id":"CVE-2020-1912-cd3bb58f","deprecated":false,"digest":{"line_hashes":["127463815399244171356330020060141584602","205336833909874881979775941571286102428","244584719445244937694542144971470351922","162851663397290344814180789619227158406"],"threshold":0.9},"signature_type":"Line","target":{"file":"lib/BCGen/HBC/BytecodeGenerator.cpp"}},{"source":"https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168","signature_version":"v1","id":"CVE-2020-1912-d7df1ce0","deprecated":false,"digest":{"length":840,"function_hash":"38774911459647130156213830716821810632"},"signature_type":"Function","target":{"function":"ESTreeIRGen::genGeneratorFunction","file":"lib/IRGen/ESTreeIRGen-func.cpp"}}],"vanir_signatures_modified":"2026-04-11T16:25:26Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}