Auto-merge PR#5006

fu6uk1 · Oct 8, 2020 · 95f4c7b · 95f4c7b
2 parents 1d78638 + 4577906
commit 95f4c7b
Showing 1 changed file with 53 additions and 3 deletions.
diff --git a/2020/1xxx/CVE-2020-1914.json b/2020/1xxx/CVE-2020-1914.json
@@ -4,14 +4,64 @@
     "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2020-1914",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cve-assign@fb.com",
+        "STATE": "PUBLIC",
+        "DATE_ASSIGNED": "2020-10-08"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Facebook",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Hermes",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "commit prior to b2021df620824627f5a8c96615edbd1eb7fdddfc"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-670: Always-Incorrect Control Flow Implementation, CWE-1119: Excessive Use of Unconditional Branching"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "name": "https://www.facebook.com/security/advisories/cve-2020-1914",
+                "url": "https://www.facebook.com/security/advisories/cve-2020-1914"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://github.com/facebook/hermes/commit/b2021df620824627f5a8c96615edbd1eb7fdddfc",
+                "url": "https://github.com/facebook/hermes/commit/b2021df620824627f5a8c96615edbd1eb7fdddfc"
             }
         ]
     }