Facebook HipHop Virtual Machine (HHVM) prior to 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote malicious users to bypass intended access restrictions by leveraging group permissions for a file or directory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
facebook hiphop virtual machine |