Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2018-6334

Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below).

  • Published: Dec 31, 2018
  • Updated: Apr 13, 2023
  • CVE: CVE-2018-6334
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
facebook / hhvm - 3.21.9.x
facebook / hhvm 3.21.10 3.24.5.x
facebook / hhvm 3.24.6 3.25.1.x