GHSA-9wv8-3h8h-x2wc: doctrine/doctrine-module zero-valued authentication credentials vulnerability
It is possible (under certain circumstances) to obtain a valid Zend\Authentication identity even without knowing the user’s credentials by using a numerically valued credential in DoctrineModule\Authentication\Adapter\ObjectRepository.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/doctrine-module/2013-05-16.yaml
- github.com/advisories/GHSA-9wv8-3h8h-x2wc
- github.com/doctrine/DoctrineModule
- github.com/doctrine/DoctrineModule/commit/78018ef568c52e65a0b17e7bd5a4c90fe6673e84
- github.com/doctrine/DoctrineModule/issues/248
- github.com/doctrine/DoctrineModule/issues/249