ByteOS Network

NVD Vulnerability Details :

CVE-2014-2209

Deferred

Source-cve@mitre.org

Published At-28 Dec, 2014 | 15:59

Updated At-12 Apr, 2025 | 10:46

Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N

CPE Matches

Facebook

>>hiphop_virtual_machine>>Versions up to 3.0.1(inclusive)

cpe:2.3:a:facebook:hiphop_virtual_machine:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/facebook/hhvm/commit/851fff90a9b7461df2393af32239ba217bc25946	cve@mitre.org	N/A
https://github.com/facebook/hhvm/commit/851fff90a9b7461df2393af32239ba217bc25946	af854a3a-2127-422b-91ae-364da2661108	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History