Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2019-0282
Good to know:
Date: September 18, 2019
dd-trace-php version 0.30.0 circumvents open_basedir in the request_init_hook. If you rely on the open_basedir INI directive, It is highly recommended you upgrade to 0.30.2.
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Protection Mechanism Failure
CWE-693Top Fix
Upgrade Version
Upgrade to version datadog/dd-trace - dev-pawel/compiler;datadog/dd-trace - dev-pawel/gitlab_snapshot;datadog/dd-trace - dev-pawel/test_old_ubuntu;datadog/dd-trace - dev-levi/experiment;datadog/dd-trace - dev-pawel/build_partial_flush;datadog/dd-trace - dev-ddtrace-0.30;datadog/dd-trace - dev-sammyk/build/patch-0.30.1;datadog/dd-trace - dev-pawel/build_custom_use_laravel_start_time_if_available;datadog/dd-trace - dev-pawel/use_laravel_start_time_if_available;datadog/dd-trace - dev-sammyk/sandbox-curl;datadog/dd-trace - dev-labbati/sandboxing-guzzle;ask664/dd-trace-for-tracing - dev-add_docker_for_php_5_4;ask664/dd-trace-for-tracing - dev-pawel/build_flush_via_curl;ask664/dd-trace-for-tracing - dev-labbati/e2e-tests;ask664/dd-trace-for-tracing - dev-sammyk/speed-up-composer-updates;ask664/dd-trace-for-tracing - dev-limit_span_creation_based_on_memory_limit;ask664/dd-trace-for-tracing - dev-pawel/messagepack;ask664/dd-trace-for-tracing - dev-master_disabled_pdo
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | LOCAL |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | REQUIRED |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |