Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/zendframework/zend-view@2.2.3
Typecomposer
Namespacezendframework
Namezend-view
Version2.2.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.2.7
Latest_non_vulnerable_version2.3.1
Affected_by_vulnerabilities
0
url VCID-bfmh-w43u-k7bq
vulnerability_id VCID-bfmh-w43u-k7bq
summary 
ZendFramework has potential Cross-site Scripting vector in multiple view helpers
Many Zend Framework 2 view helpers were using the `escapeHtml()` view helper in order to escape HTML attributes, instead of the more appropriate `escapeHtmlAttr()`. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting (XSS) attack vectors.

Vulnerable view helpers include:

- All `Zend\Form` view helpers.
- Most `Zend\Navigation` (aka `Zend\View\Helper\Navigation\*`) view helpers.
- All "HTML Element" view helpers: `htmlFlash()`, `htmlPage()`, `htmlQuickTime()`.
- `Zend\View\Helper\Gravatar`
references
0
reference_url https://framework.zend.com/security/advisory/ZF2014-03
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2014-03
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-view/ZF2014-03.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-view/ZF2014-03.yaml
2
reference_url https://github.com/zendframework/zendframework/commit/12f89b587cd23dd781cde25c9dd2da75d8f829d7
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework/commit/12f89b587cd23dd781cde25c9dd2da75d8f829d7
3
reference_url https://github.com/zendframework/zendframework/commit/1dd4f8cede07469390eef1e629f808349fa1b5ea
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework/commit/1dd4f8cede07469390eef1e629f808349fa1b5ea
4
reference_url https://github.com/zendframework/zendframework/commit/6742ddad7a7923163cea6dd58d27d0e946a402d1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework/commit/6742ddad7a7923163cea6dd58d27d0e946a402d1
5
reference_url https://github.com/zendframework/zendframework/commit/ec6c0468514c111a244552cfb7cf575a726e017e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework/commit/ec6c0468514c111a244552cfb7cf575a726e017e
6
reference_url https://github.com/zendframework/zend-view
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zend-view
7
reference_url https://github.com/advisories/GHSA-m7hr-j867-3f34
reference_id GHSA-m7hr-j867-3f34
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m7hr-j867-3f34
fixed_packages
0
url pkg:composer/zendframework/zend-view@2.2.7
purl pkg:composer/zendframework/zend-view@2.2.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-view@2.2.7
1
url pkg:composer/zendframework/zend-view@2.3.1
purl pkg:composer/zendframework/zend-view@2.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-view@2.3.1
aliases GHSA-m7hr-j867-3f34
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bfmh-w43u-k7bq
1
url VCID-eezd-92tv-mkdf
vulnerability_id VCID-eezd-92tv-mkdf
summary 
Cross-site Scripting
Potential XSS vector in multiple view helpers.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2014-03
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2014-03
fixed_packages
0
url pkg:composer/zendframework/zend-view@2.2.7
purl pkg:composer/zendframework/zend-view@2.2.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-view@2.2.7
1
url pkg:composer/zendframework/zend-view@2.3.1
purl pkg:composer/zendframework/zend-view@2.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-view@2.3.1
aliases ZF2014-03
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eezd-92tv-mkdf
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-view@2.2.3