Vulnerability in Facebook Hhvm

CVE-2022-36937

HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4…

EPSS: 0.008 (75.0th percentile) — read the EPSS interpretation.

Affected products

Facebook Hhvm — versions 4.172.0, 4.171.0, 4.170.0

References

hhvm.com/blog/2023/01/20/security-update.html (x_refsource_CONFIRM)
github.com/facebook/hhvm/commit/083f5ffdee661f61512909d16f9a5b98cff3cf0b (x_refsource_MISC)