#Code Injection Vulnerability via unserialize() Function and var_export() Function in HHVM 3
Taoguang Chen <@chtg> - 2014.10.29
HHVM's var_export() function wrongly handles an undefined class, and unserialize() function wrongly handles an invalid classname.
##HHVM's var_export() function HHVM's var_export() function had a parse error when exporting an undefined class: