Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The libxml_disable_entity_loader function in runtime/ext/ext_simplexml.cpp in HipHop Virtual Machine for PHP (HHVM) before 2.4.0 and 2.3.x before 2.3.3 does not properly disable a certain libxml handler, which allows remote attackers to conduct XML External Entity (XXE) attacks.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
HipHop Virtual Machine for PHP 安全漏洞
Vulnerability Description
HipHop Virtual Machine for PHP(HHVM)是一款能够显著提高PHP加载动态页面性能的虚拟机。 HHVM for PHP 2.3.2及之前的版本中的runtime/ext/ext_simplexml.cpp文件中的‘libxml_disable_entity_loader’函数中存在安全漏洞,该漏洞源于程序没有正确禁用libxml处理器。远程攻击者可利用该漏洞实施XML外部实体攻击。
CVSS Information
N/A
Vulnerability Type
N/A