Candidate: CVE-2018-6334
PublicDate: 2018-12-31 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6334
 https://hhvm.com/blog/2018/03/30/hhvm-3.25.2.html
Description:
 Multipart-file uploads call variables to be improperly registered in the
 global scope. In cases where variables are not declared explicitly before
 being used this can lead to unexpected behavior. This affects all supported
 versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below).
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_hhvm:
 upstream: https://github.com/facebook/hhvm/commit/6937de5544c3eead3466b75020d8382080ed0cff
upstream_hhvm: released (3.24.7+dfsg-1)
precise/esm_hhvm: DNE
trusty_hhvm: DNE
trusty/esm_hhvm: DNE
xenial_hhvm: ignored (end of standard support, was needs-triage)
artful_hhvm: ignored (reached end-of-life)
bionic_hhvm: needs-triage
cosmic_hhvm: DNE
disco_hhvm: DNE
eoan_hhvm: DNE
focal_hhvm: DNE
groovy_hhvm: DNE
hirsute_hhvm: DNE
impish_hhvm: DNE
jammy_hhvm: DNE
devel_hhvm: DNE