GHSA-qvgg-r6rq-vwfx
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qvgg-r6rq-vwfx
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-qvgg-r6rq-vwfx/GHSA-qvgg-r6rq-vwfx.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qvgg-r6rq-vwfx
- Published
- 2024-05-15T18:33:21Z
- Modified
- 2024-11-29T05:40:03.384354Z
- Summary
- datadog/dd-trace Circumvents open_basedir INI directive
- Details
-
datadog/dd-trace versions 0.30.0 prior to 0.30.2 are affected by a security and stability issue outlined in PR #579. This pull request ensures that the ddtrace.requestinithook remains bound by the openbasedir INI directive, effectively addressing potential vulnerabilities related to openbasedir restrictions. The update introduces a sandboxing mechanism to isolate the request init hook from errors or exceptions during execution, enhancing the library's stability and preventing adverse impacts on the main script.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-05-15T18:33:21Z" }- References
-
- https://github.com/DataDog/dd-trace-php/pull/579
- https://github.com/DataDog/dd-trace-php/commit/87fc324eb63d533b35464f1dfca946795f2294fd
- https://github.com/DataDog/dd-trace-php
- https://github.com/DataDog/dd-trace-php/releases/tag/0.30.0
- https://github.com/DataDog/dd-trace-php/releases/tag/0.30.2
- https://github.com/FriendsOfPHP/security-advisories/blob/master/datadog/dd-trace/2019-09-26-1.yaml
Affected packages
Packagist / datadog/dd-trace
Package
- Name
- datadog/dd-trace
- Purl
- pkg:composer/datadog/dd-trace