Описание
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.1 (включая)
cpe:2.3:a:facebook:hiphop_virtual_machine:*:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00301
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.
EPSS
Процентиль: 53%
0.00301
Низкий
5 Medium
CVSS2
Дефекты
CWE-264