Coinbase: User provided values passed to PHP unset() function

In the Coinbase wpe commerce open source library, a researcher observed a call to the PHP unset function that relied on user controlled input. The reporter observed that this could allow a malicious user to destroy arbitrary variables in the environment where this library is deployed...