1 results (0.007 seconds)
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2022-36937
https://notcve.org/view.php?id=CVE-2022-36937
10 May 2023 — HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3. Applications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected. • https://github.com/facebook/hhvm/commit/083f5ffdee661f61512909d16f9a5b98cff3cf0b • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •