GHSA-w5mj-j45q-m638: ZendFramework1 Potential Security Issues in Bundled Dojo Library

June 7, 2024

In mid-March, 2010, the Dojo Foundation issued a Security Advisory indicating potential security issues with specific files in Dojo Toolkit. Details of the advisory may be found on the Dojo website:

http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ In particular, several files in the Dojo tree were identified as having potential exploits, and the Dojo team also advised disabling or removing any PHP scripts in the tree when deploying to production.

References

github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2010-07.yaml
github.com/advisories/GHSA-w5mj-j45q-m638
github.com/zendframework/zf1
web.archive.org/web/20210509072723/https://framework.zend.com/security/advisory/ZF2010-07

Detect and mitigate GHSA-w5mj-j45q-m638 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →