CVE-2014-2208
https://notcve.org/view.php?id=CVE-2014-2208
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.
• https://github.com/facebook/hhvm/commit/506a44194a9016406c752ad8e010c01aeffc18cc
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2014-2209
https://notcve.org/view.php?id=CVE-2014-2209
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.
• https://github.com/facebook/hhvm/commit/851fff90a9b7461df2393af32239ba217bc25946
• CWE-264: Permissions, Privileges, and Access Controls