Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Facebook HipHop Virtual Machine 权限许可和访问控制漏洞
Vulnerability Description
Facebook HipHop Virtual Machine(HHVM)是美国Facebook公司的一款能够显著提高PHP加载动态页面性能的虚拟机。 Facebook HHVM 3.0.1及之前版本中存在安全漏洞,该漏洞源于程序没有减少hphp/util/capability.cpp和hphp/util/light-process.cpp文件中的附加组成员。远程攻击者可借助文件或目录的组权限利用该漏洞绕过既定的访问限制。
CVSS Information
N/A
Vulnerability Type
N/A