CVE-2018-6334 - Vulncode-DB

CVE-2018-6334 (NVD)

2018-12-31

Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below).

Products	Hhvm
Type	Improper Input Validation (CWE-20)
First patch	https://github.com/facebook/hhvm/commit/6937de5544c3eead3466b75020d8382080ed0cff
Relevant file/s	./hphp/runtime/server/upload.cpp (modified, +7, -47)
Links	https://hhvm.com/blog/2018/03/30/hhvm-3.25.2.html

hhvm - Tree: 6937de5544

(? files)

Filter Settings

All Files

Relevant Files

Vulnerable Files

Patched Files

Files

VS-Dark VS-Bright Monokai Darcula

Navigation

Patch data:

(on by default)

Patched area: