CVE-2019-20455: Improper Certificate Validation
(updated )
Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations.
References
- github.com/advisories/GHSA-pm77-c4q7-3fwj
- github.com/globalpayments/php-sdk/compare/1.3.3...2.0.0
- github.com/globalpayments/php-sdk/pull/8
- github.com/globalpayments/php-sdk/pull/8/commits/c86e18f28c5eba0d6ede7d557756d978ea83d3c9
- github.com/globalpayments/php-sdk/releases/tag/2.0.0
- nvd.nist.gov/vuln/detail/CVE-2019-20455
- winterdragon.ca/global-payments-vulnerability/
Code Behaviors & Features
Detect and mitigate CVE-2019-20455 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →