Vulnerability Details CVE-2014-2209
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.9%
CVSS Severity
CVSS v2 Score 5.0
References
Products affected by CVE-2014-2209
-
cpe:2.3:a:facebook:hiphop_virtual_machine:2.2.0
-
cpe:2.3:a:facebook:hiphop_virtual_machine:2.3.0
-
cpe:2.3:a:facebook:hiphop_virtual_machine:2.3.1
-
cpe:2.3:a:facebook:hiphop_virtual_machine:2.3.2
-
cpe:2.3:a:facebook:hiphop_virtual_machine:2.3.3
-
cpe:2.3:a:facebook:hiphop_virtual_machine:2.4.0
-
cpe:2.3:a:facebook:hiphop_virtual_machine:2.4.1
-
cpe:2.3:a:facebook:hiphop_virtual_machine:2.4.2
-
cpe:2.3:a:facebook:hiphop_virtual_machine:3.0.0
-
cpe:2.3:a:facebook:hiphop_virtual_machine:3.0.1