Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/zendframework/zendframework@2.4.3
Typecomposer
Namespacezendframework
Namezendframework
Version2.4.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.5.2
Latest_non_vulnerable_version2.5.2
Affected_by_vulnerabilities
0
url VCID-8atm-865q-mkf3
vulnerability_id VCID-8atm-865q-mkf3
summary Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2015-09
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.4.9
purl pkg:composer/zendframework/zendframework@2.4.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8d1t-m4zy-dkf4
1
vulnerability VCID-qs6q-pjks-euh4
2
vulnerability VCID-wz4g-j8zt-ruff
3
vulnerability VCID-zfzg-uw7s-byhp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.9
1
url pkg:composer/zendframework/zendframework@2.5.0
purl pkg:composer/zendframework/zendframework@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8fwb-56kb-jubf
1
vulnerability VCID-njsg-e1w1-9qcy
2
vulnerability VCID-vmut-b2y4-rkcp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.0
aliases ZF2015-09
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8atm-865q-mkf3
1
url VCID-8d1t-m4zy-dkf4
vulnerability_id VCID-8d1t-m4zy-dkf4
summary 
Zendframework URL Rewrite vulnerability
zend-diactoros (and, by extension, Expressive), zend-http (and, by extension, Zend Framework MVC projects), and zend-feed (specifically, its PubSubHubbub sub-component) each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request headers that are specific to a given server-side URL rewrite mechanism.

When these headers are present on systems not running the specific URL rewriting mechanism, the logic would still trigger, allowing a malicious client or proxy to emulate the headers to request arbitrary content.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2018-01.yaml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2018-01.yaml
1
reference_url https://github.com/zendframework/zendframework
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework
2
reference_url https://web.archive.org/web/20210618220447/https://framework.zend.com/security/advisory/ZF2018-01
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210618220447/https://framework.zend.com/security/advisory/ZF2018-01
3
reference_url https://github.com/advisories/GHSA-fh7r-58q4-6387
reference_id GHSA-fh7r-58q4-6387
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh7r-58q4-6387
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.5.0
purl pkg:composer/zendframework/zendframework@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8fwb-56kb-jubf
1
vulnerability VCID-njsg-e1w1-9qcy
2
vulnerability VCID-vmut-b2y4-rkcp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.0
aliases GHSA-fh7r-58q4-6387
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8d1t-m4zy-dkf4
2
url VCID-8fwb-56kb-jubf
vulnerability_id VCID-8fwb-56kb-jubf
summary 
Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey
Zend\Crypt\PublicKey\Rsa\PublicKey has a call to `openssl_public_encrypt()` which uses PHP's default `$padding` argument, which specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the Bleichenbacher's chosen-ciphertext attack, which can be used to decrypt arbitrary ciphertexts. Users should upgrade to a fixed version unless there are not using the RSA public key functionality.
references
0
reference_url http://framework.zend.com/security/advisory/ZF2015-10
reference_id
reference_type
scores
url http://framework.zend.com/security/advisory/ZF2015-10
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7503
reference_id
reference_type
scores
0
value 0.00249
scoring_system epss
scoring_elements 0.48349
published_at 2026-06-04T12:55:00Z
1
value 0.00249
scoring_system epss
scoring_elements 0.48416
published_at 2026-06-06T12:55:00Z
2
value 0.00249
scoring_system epss
scoring_elements 0.48412
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7503
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1283137
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1283137
3
reference_url https://framework.zend.com/security/advisory/ZF2015-10
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2015-10
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-crypt/CVE-2015-7503.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-crypt/CVE-2015-7503.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-7503.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-7503.yaml
6
reference_url https://github.com/zendframework/zendframework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7503
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7503
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.4.9
purl pkg:composer/zendframework/zendframework@2.4.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8d1t-m4zy-dkf4
1
vulnerability VCID-qs6q-pjks-euh4
2
vulnerability VCID-wz4g-j8zt-ruff
3
vulnerability VCID-zfzg-uw7s-byhp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.9
1
url pkg:composer/zendframework/zendframework@2.5.2
purl pkg:composer/zendframework/zendframework@2.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.2
aliases CVE-2015-7503, GHSA-pm9m-w23q-5967
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8fwb-56kb-jubf
3
url VCID-njsg-e1w1-9qcy
vulnerability_id VCID-njsg-e1w1-9qcy
summary 
XXE/XEE vulnerability via multibyte payloads
There's a flow that allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters. This only apply when running under PHP-FPM in a threaded environment.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
1
reference_url http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html
4
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html
5
reference_url http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5161
reference_id
reference_type
scores
0
value 0.39093
scoring_system epss
scoring_elements 0.97361
published_at 2026-06-06T12:55:00Z
1
value 0.39093
scoring_system epss
scoring_elements 0.97355
published_at 2026-06-04T12:55:00Z
2
value 0.39093
scoring_system epss
scoring_elements 0.9736
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5161
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
8
reference_url http://seclists.org/fulldisclosure/2015/Aug/46
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2015/Aug/46
9
reference_url https://framework.zend.com/security/advisory/ZF2015-06
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2015-06
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5161.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5161.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5161.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5161.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendxml/CVE-2015-5161.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendxml/CVE-2015-5161.yaml
13
reference_url https://github.com/zendframework/ZendXml/commit/79f478fa2af85ce1fc18ac132dee5aa714c3b532
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/ZendXml/commit/79f478fa2af85ce1fc18ac132dee5aa714c3b532
14
reference_url https://github.com/zendframework/zf1/commit/ff7edddf1410b44b5ead857c02698aad9f748d1b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zf1/commit/ff7edddf1410b44b5ead857c02698aad9f748d1b
15
reference_url https://github.com/zendframework/zf1/issues/393
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zf1/issues/393
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5161
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5161
17
reference_url https://web.archive.org/web/20200228055156/http://www.securityfocus.com/bid/76177
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228055156/http://www.securityfocus.com/bid/76177
18
reference_url https://www.exploit-db.com/exploits/37765
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/37765
19
reference_url http://www.debian.org/security/2015/dsa-3340
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3340
20
reference_url http://www.securityfocus.com/bid/76177
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/76177
21
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/37765.txt
reference_id CVE-2015-5161
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/37765.txt
22
reference_url http://framework.zend.com/security/advisory/ZF2015-06
reference_id CVE-2015-5161;OSVDB-125783
reference_type exploit
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://framework.zend.com/security/advisory/ZF2015-06
23
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/38573.txt
reference_id CVE-2015-5161;OSVDB-125783
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/38573.txt
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.4.6
purl pkg:composer/zendframework/zendframework@2.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8atm-865q-mkf3
1
vulnerability VCID-8d1t-m4zy-dkf4
2
vulnerability VCID-8fwb-56kb-jubf
3
vulnerability VCID-q74z-645k-c7dk
4
vulnerability VCID-qs6q-pjks-euh4
5
vulnerability VCID-vmut-b2y4-rkcp
6
vulnerability VCID-wrkx-jstz-8bhe
7
vulnerability VCID-wz4g-j8zt-ruff
8
vulnerability VCID-zfzg-uw7s-byhp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.6
1
url pkg:composer/zendframework/zendframework@2.5.2
purl pkg:composer/zendframework/zendframework@2.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.2
aliases CVE-2015-5161, GHSA-xp8p-9rq5-4wgv
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njsg-e1w1-9qcy
4
url VCID-q74z-645k-c7dk
vulnerability_id VCID-q74z-645k-c7dk
summary 
Security Misconfiguration Vulnerability
Doctrine uses `mkdir($cacheDirectory )` to create caches directories. if your application runs with a umask of
references
0
reference_url http://framework.zend.com/security/advisory/ZF2015-07
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://framework.zend.com/security/advisory/ZF2015-07
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5723
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10261
published_at 2026-06-05T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10281
published_at 2026-06-06T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10216
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5723
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
4
reference_url https://framework.zend.com/security/advisory/ZF2015-07
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2015-07
5
reference_url https://github.com/aws/aws-sdk-php/releases/tag/3.2.1
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-php/releases/tag/3.2.1
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2015-5723.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/cache/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/cache/CVE-2015-5723.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/orm/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/orm/CVE-2015-5723.yaml
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-cache/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-cache/CVE-2015-5723.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5723.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5723.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zfcampus/zf-apigility-doctrine/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zfcampus/zf-apigility-doctrine/CVE-2015-5723.yaml
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5723
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5723
18
reference_url https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
19
reference_url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5723
reference_id
reference_type
scores
url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5723
20
reference_url http://www.debian.org/security/2015/dsa-3369
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3369
21
reference_url http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.4.8
purl pkg:composer/zendframework/zendframework@2.4.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8atm-865q-mkf3
1
vulnerability VCID-8d1t-m4zy-dkf4
2
vulnerability VCID-8fwb-56kb-jubf
3
vulnerability VCID-qs6q-pjks-euh4
4
vulnerability VCID-vmut-b2y4-rkcp
5
vulnerability VCID-wrkx-jstz-8bhe
6
vulnerability VCID-wz4g-j8zt-ruff
7
vulnerability VCID-zfzg-uw7s-byhp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.8
aliases CVE-2015-5723, GHSA-pw5c-xqf2-6xc2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q74z-645k-c7dk
5
url VCID-qs6q-pjks-euh4
vulnerability_id VCID-qs6q-pjks-euh4
summary 
Remote code execution in zend-mail via Sendmail adapter
A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2016-04
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2016-04
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.4.11
purl pkg:composer/zendframework/zendframework@2.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8d1t-m4zy-dkf4
1
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.11
1
url pkg:composer/zendframework/zendframework@2.5.0
purl pkg:composer/zendframework/zendframework@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8fwb-56kb-jubf
1
vulnerability VCID-njsg-e1w1-9qcy
2
vulnerability VCID-vmut-b2y4-rkcp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.0
aliases ZF2016-04
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qs6q-pjks-euh4
6
url VCID-vmut-b2y4-rkcp
vulnerability_id VCID-vmut-b2y4-rkcp
summary 
Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word
Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.
references
0
reference_url http://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
url http://framework.zend.com/security/advisory/ZF2015-09
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.4.9
purl pkg:composer/zendframework/zendframework@2.4.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8d1t-m4zy-dkf4
1
vulnerability VCID-qs6q-pjks-euh4
2
vulnerability VCID-wz4g-j8zt-ruff
3
vulnerability VCID-zfzg-uw7s-byhp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.9
1
url pkg:composer/zendframework/zendframework@2.5.2
purl pkg:composer/zendframework/zendframework@2.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.2
aliases GMS-2015-48
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vmut-b2y4-rkcp
7
url VCID-wrkx-jstz-8bhe
vulnerability_id VCID-wrkx-jstz-8bhe
summary 
ZendFramework Information Disclosure and Insufficient Entropy vulnerability
In Zend Framework, `Zend_Captcha_Word` (v1) and `Zend\Captcha\Word` (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's `internal array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This could potentially lead to information disclosure should an attacker be able to brute force the random number generation.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2015-09
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2015-09.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2015-09.yaml
2
reference_url https://github.com/zendframework/zendframework
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework
3
reference_url https://github.com/zendframework/zendframework/commit/ced8ff93ef892a64885c03f5dfab3f788a219709
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework/commit/ced8ff93ef892a64885c03f5dfab3f788a219709
4
reference_url https://github.com/advisories/GHSA-2fhr-8r8r-qp56
reference_id GHSA-2fhr-8r8r-qp56
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2fhr-8r8r-qp56
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.4.9
purl pkg:composer/zendframework/zendframework@2.4.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8d1t-m4zy-dkf4
1
vulnerability VCID-qs6q-pjks-euh4
2
vulnerability VCID-wz4g-j8zt-ruff
3
vulnerability VCID-zfzg-uw7s-byhp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.9
aliases GHSA-2fhr-8r8r-qp56
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wrkx-jstz-8bhe
8
url VCID-wz4g-j8zt-ruff
vulnerability_id VCID-wz4g-j8zt-ruff
summary 
URL Redirection to Untrusted Site (Open Redirect)
URL Rewrite vulnerability.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2018-01
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2018-01
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.5.0
purl pkg:composer/zendframework/zendframework@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8fwb-56kb-jubf
1
vulnerability VCID-njsg-e1w1-9qcy
2
vulnerability VCID-vmut-b2y4-rkcp
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.0
aliases ZF2018-01
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wz4g-j8zt-ruff
9
url VCID-zfzg-uw7s-byhp
vulnerability_id VCID-zfzg-uw7s-byhp
summary 
ZendFramework potential remote code execution in zend-mail via Sendmail adapter
When using the zend-mail component to send email via the `Zend\Mail\Transport\Sendmail transport`, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2016-04.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2016-04.yaml
1
reference_url https://github.com/zendframework/zendframework
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework
2
reference_url https://github.com/zendframework/zendframework/commit/7c1e89815f5a9c016f4b8088e59b07cb2bf99dc0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework/commit/7c1e89815f5a9c016f4b8088e59b07cb2bf99dc0
3
reference_url https://web.archive.org/web/20201107093523/https://framework.zend.com/security/advisory/ZF2016-04
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201107093523/https://framework.zend.com/security/advisory/ZF2016-04
4
reference_url https://github.com/advisories/GHSA-gff2-p6vm-3p8g
reference_id GHSA-gff2-p6vm-3p8g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gff2-p6vm-3p8g
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.4.11
purl pkg:composer/zendframework/zendframework@2.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8d1t-m4zy-dkf4
1
vulnerability VCID-wz4g-j8zt-ruff
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.11
aliases GHSA-gff2-p6vm-3p8g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zfzg-uw7s-byhp
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.3