CVE-2015-5723: Security Misconfiguration Vulnerability in various Doctrine projects

June 7, 2016 (updated November 28, 2016)

Doctrine Annotations allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

References

www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

Code Behaviors & Features

Detect and mitigate CVE-2015-5723 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →