CVE-2019-3556— Facebook HHVM 路径遍历漏洞

N/A

HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0.

N/A

对路径名的限制不恰当(路径遍历)

Facebook HHVM 路径遍历漏洞

Facebook HHVM（又名HipHop Virtual Machine）是美国Facebook公司的一款能够显著提高PHP加载动态页面性能的虚拟机。 HHVM存在路径遍历漏洞，该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。

N/A

N/A