Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/zendframework/zend-form@2.1.4
Typecomposer
Namespacezendframework
Namezend-form
Version2.1.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.2.7
Latest_non_vulnerable_version2.3.1
Affected_by_vulnerabilities
0
url VCID-ansb-vwaz-puc6
vulnerability_id VCID-ansb-vwaz-puc6
summary 
Zend-Form vulnerable to Cross-site Scripting
Many Zend Framework 2 view helpers were using the escapeHtml() view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr(). In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting (XSS) attack vectors.

Vulnerable view helpers include:

- All `Zend\Form` view helpers.
- Most `Zend\Navigation` (aka `Zend\View\Helper\Navigation\*`) view helpers.
- All "HTML Element" view helpers: `htmlFlash()`, `htmlPage()`, `htmlQuickTime()`.
- `Zend\View\Helper\Gravatar`
references
0
reference_url https://framework.zend.com/security/advisory/ZF2014-03
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2014-03
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-form/ZF2014-03.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-form/ZF2014-03.yaml
2
reference_url https://github.com/zendframework/zend-form
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zend-form
3
reference_url https://github.com/zendframework/zend-form/commit/6fe40314e8e3477494aadd03d62573bd1c212bd1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zend-form/commit/6fe40314e8e3477494aadd03d62573bd1c212bd1
4
reference_url https://github.com/zendframework/zend-form/commit/d7a1f5bc4626b1df990391502a868b28c37ba65d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zend-form/commit/d7a1f5bc4626b1df990391502a868b28c37ba65d
5
reference_url https://github.com/zendframework/zend-form/commit/fd43a951460c4bc60c77a566129705f6bdb9c61b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zend-form/commit/fd43a951460c4bc60c77a566129705f6bdb9c61b
6
reference_url https://github.com/advisories/GHSA-gvpp-6jrj-5pqc
reference_id GHSA-gvpp-6jrj-5pqc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gvpp-6jrj-5pqc
fixed_packages
0
url pkg:composer/zendframework/zend-form@2.2.7
purl pkg:composer/zendframework/zend-form@2.2.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-form@2.2.7
1
url pkg:composer/zendframework/zend-form@2.3.1
purl pkg:composer/zendframework/zend-form@2.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-form@2.3.1
aliases GHSA-gvpp-6jrj-5pqc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ansb-vwaz-puc6
1
url VCID-eezd-92tv-mkdf
vulnerability_id VCID-eezd-92tv-mkdf
summary 
Cross-site Scripting
Potential XSS vector in multiple view helpers.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2014-03
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2014-03
fixed_packages
0
url pkg:composer/zendframework/zend-form@2.2.7
purl pkg:composer/zendframework/zend-form@2.2.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-form@2.2.7
1
url pkg:composer/zendframework/zend-form@2.3.1
purl pkg:composer/zendframework/zend-form@2.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-form@2.3.1
aliases ZF2014-03
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eezd-92tv-mkdf
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-form@2.1.4