Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xdmdnLXI2cnEtdndmeM4AA8G7
datadog/dd-trace Circumvents open_basedir INI directive
datadog/dd-trace versions 0.30.0 prior to 0.30.2 are affected by a security and stability issue outlined in PR #579. This pull request ensures that the ddtrace.request_init_hook remains bound by the open_basedir INI directive, effectively addressing potential vulnerabilities related to open_basedir restrictions.
The update introduces a sandboxing mechanism to isolate the request init hook from errors or exceptions during execution, enhancing the library's stability and preventing adverse impacts on the main script.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xdmdnLXI2cnEtdndmeM4AA8G7
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 7 months ago
Updated: 7 months ago
Identifiers: GHSA-qvgg-r6rq-vwfx
References:
- https://github.com/DataDog/dd-trace-php/pull/579
- https://github.com/DataDog/dd-trace-php/commit/87fc324eb63d533b35464f1dfca946795f2294fd
- https://github.com/DataDog/dd-trace-php/releases/tag/0.30.0
- https://github.com/DataDog/dd-trace-php/releases/tag/0.30.2
- https://github.com/FriendsOfPHP/security-advisories/blob/master/datadog/dd-trace/2019-09-26-1.yaml
- https://github.com/advisories/GHSA-qvgg-r6rq-vwfx
Blast Radius: 0.0
Affected Packages
packagist:datadog/dd-trace
Dependent packages: 13Dependent repositories: 25
Downloads: 12,850,979 total
Affected Version Ranges: >= 0.30.0, < 0.30.2
Fixed in: 0.30.2
All affected versions: 0.30.0, 0.30.1
All unaffected versions: 0.1.0, 0.1.1, 0.1.2, 0.2.0, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.6, 0.2.7, 0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.4.2, 0.5.0, 0.5.1, 0.6.0, 0.7.0, 0.7.1, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.10.0, 0.11.0, 0.12.0, 0.12.1, 0.12.2, 0.13.0, 0.13.1, 0.13.2, 0.13.3, 0.13.4, 0.14.0, 0.14.1, 0.14.2, 0.15.0, 0.15.1, 0.16.0, 0.16.1, 0.17.0, 0.18.0, 0.19.0, 0.19.1, 0.20.0, 0.21.0, 0.22.0, 0.23.0, 0.24.0, 0.25.0, 0.26.0, 0.27.0, 0.27.1, 0.27.2, 0.28.0, 0.28.1, 0.29.0, 0.30.2, 0.31.0, 0.32.0, 0.32.1, 0.33.0, 0.34.0, 0.34.1, 0.35.0, 0.36.0, 0.36.1, 0.37.0, 0.37.1, 0.38.0, 0.38.1, 0.39.0, 0.39.1, 0.39.2, 0.40.0, 0.41.0, 0.41.1, 0.42.0, 0.43.0, 0.44.0, 0.44.1, 0.45.0, 0.45.1, 0.45.2, 0.46.0, 0.47.0, 0.47.1, 0.48.0, 0.48.1, 0.48.2, 0.48.3, 0.49.0, 0.50.0, 0.51.0, 0.52.0, 0.53.0, 0.54.0, 0.55.0, 0.56.0, 0.57.0, 0.58.0, 0.59.0, 0.60.0, 0.61.0, 0.62.0, 0.62.1, 0.63.0, 0.64.0, 0.64.1, 0.65.0, 0.65.1, 0.66.0, 0.67.0, 0.68.0, 0.68.1, 0.68.2, 0.69.0, 0.70.0, 0.70.1, 0.71.0, 0.71.1, 0.72.0, 0.73.0, 0.74.0, 0.75.0, 0.76.0, 0.76.1, 0.76.2, 0.77.0, 0.78.0, 0.79.0, 0.79.0, 0.80.0, 0.81.0, 0.81.1, 0.82.0, 0.83.0, 0.83.1, 0.84.0, 0.85.0, 0.86.0, 0.86.1, 0.86.2, 0.86.3, 0.87.0, 0.87.1, 0.87.2, 0.88.0, 0.88.1, 0.89.0, 0.90.0, 0.91.0, 0.91.1, 0.91.2, 0.92.0, 0.92.1, 0.92.2, 0.93.0, 0.93.1, 0.93.2, 0.94.0, 0.94.1, 0.95.0, 0.96.0, 0.97.0, 0.98.0, 0.98.1, 0.99.0, 0.99.1, 1.0.0, 1.1.0, 1.2.0, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.5.1