{"id":"CVE-2022-27810","details":"It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode (when asserts were enabled). This issue affects Hermes versions prior to v0.12.0.","modified":"2026-03-14T11:39:40.037193Z","published":"2022-10-06T20:15:17.340Z","references":[{"type":"ADVISORY","url":"https://www.facebook.com/security/advisories/cve-2022-27810"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/facebook/hermes","events":[{"introduced":"0"},{"fixed":"7d3e091b59ff5e5a9e722718c01d81dab52d4300"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.12.0"}]}}],"versions":["hermes-2022-04-28-RNv0.69.0-15d07c2edd29a4ea0b8f15ab0588a0c1adb1200f","hermes-2022-07-15-RNv0.70.0-88dd5731a19ab6b38b0a0a2d4386ba959f2a2c98","v0.1.0","v0.1.1","v0.10.0","v0.11.0","v0.2.1","v0.3.0","v0.4.0","v0.5.0","v0.6.0","v0.7.0","v0.8.0","v0.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-27810.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}