CVE-2014-2209
CVE-2014-2209: HHVM before 3.1.0 fails to drop supplemental group memberships in hphp/util/capability.cpp and hphp/util/light-process.cpp, enabling remote attackers to bypass access restrictions by abusing file/directory group permissions. Affected: Facebook HipHop Virtual Machine (HHVM) prior to...