GHSA-qg7m-mwxm-j3h7: Zend-developer-tools information disclosure vulnerability
The package zendframework/zend-developer-tools provides a web-based toolbar for introspecting an application. When updating the package to support PHP 7.3, a change was made that could potentially prevent toolbar entries that are enabled by default from being disabled.
References
- framework.zend.com/security/advisory/ZF2019-01
- github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-developer-tools/ZF2019-01.yaml
- github.com/advisories/GHSA-qg7m-mwxm-j3h7
- github.com/zendframework/zend-developer-tools
- github.com/zendframework/zend-developer-tools/commit/ce27f4624cf947bea2d746244b1ed6de10e22f1f
Detect and mitigate GHSA-qg7m-mwxm-j3h7 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →