Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/zendframework/zendframework1@1.12.15
Typecomposer
Namespacezendframework
Namezendframework1
Version1.12.15
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.12.20
Latest_non_vulnerable_version1.12.20
Affected_by_vulnerabilities
0
url VCID-2ncq-wptr-k3ha
vulnerability_id VCID-2ncq-wptr-k3ha
summary 
SQL Injection
Potential SQL injection vector using null byte for PDO (MsSql, SQLite).
references
0
reference_url https://framework.zend.com/security/advisory/ZF2015-08
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2015-08
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.16
purl pkg:composer/zendframework/zendframework1@1.12.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xx4-77e9-pfbb
1
vulnerability VCID-8atm-865q-mkf3
2
vulnerability VCID-bjvu-jg9w-mqdd
3
vulnerability VCID-n2gy-93nd-gber
4
vulnerability VCID-q73m-16a9-rkgx
5
vulnerability VCID-rc3w-5r97-k3b3
6
vulnerability VCID-sjw9-2fwe-5ybg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.16
aliases ZF2015-08
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ncq-wptr-k3ha
1
url VCID-2xx4-77e9-pfbb
vulnerability_id VCID-2xx4-77e9-pfbb
summary 
Potential SQL injection
The implementation of `ORDER BY` and `GROUP BY` in `Zend_Db_Select` of ZF1 is vulnerable by the following SQL injection.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2016-02
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2016-02
1
reference_url https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967
reference_id
reference_type
scores
url https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.19
purl pkg:composer/zendframework/zendframework1@1.12.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rc3w-5r97-k3b3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.19
aliases ZF2016-02
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xx4-77e9-pfbb
2
url VCID-8atm-865q-mkf3
vulnerability_id VCID-8atm-865q-mkf3
summary Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2015-09
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.17
purl pkg:composer/zendframework/zendframework1@1.12.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xx4-77e9-pfbb
1
vulnerability VCID-bjvu-jg9w-mqdd
2
vulnerability VCID-n2gy-93nd-gber
3
vulnerability VCID-rc3w-5r97-k3b3
4
vulnerability VCID-sjw9-2fwe-5ybg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.17
aliases ZF2015-09
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8atm-865q-mkf3
3
url VCID-bjvu-jg9w-mqdd
vulnerability_id VCID-bjvu-jg9w-mqdd
summary 
SQL Injection
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern `[\w]*` in a regular expression.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6233
reference_id
reference_type
scores
0
value 0.01724
scoring_system epss
scoring_elements 0.82763
published_at 2026-06-04T12:55:00Z
1
value 0.01724
scoring_system epss
scoring_elements 0.82788
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6233
1
reference_url https://framework.zend.com/security/advisory/ZF2016-02
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2016-02
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2016-6233.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2016-6233.yaml
3
reference_url https://github.com/zendframework/zendframework
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT
7
reference_url https://security.gentoo.org/glsa/201804-10
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201804-10
8
reference_url https://web.archive.org/web/20210123152547/http://www.securityfocus.com/bid/91802
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210123152547/http://www.securityfocus.com/bid/91802
9
reference_url http://www.securityfocus.com/bid/91802
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/91802
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6233
reference_id CVE-2016-6233
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-6233
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.19
purl pkg:composer/zendframework/zendframework1@1.12.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rc3w-5r97-k3b3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.19
aliases CVE-2016-6233, GHSA-p9hp-3gpv-52w3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjvu-jg9w-mqdd
4
url VCID-n2gy-93nd-gber
vulnerability_id VCID-n2gy-93nd-gber
summary Potential Insufficient Entropy Vulnerability in ZF1.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2016-01
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2016-01
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.18
purl pkg:composer/zendframework/zendframework1@1.12.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xx4-77e9-pfbb
1
vulnerability VCID-bjvu-jg9w-mqdd
2
vulnerability VCID-rc3w-5r97-k3b3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.18
aliases ZF2016-01
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2gy-93nd-gber
5
url VCID-q73m-16a9-rkgx
vulnerability_id VCID-q73m-16a9-rkgx
summary 
Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word
Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.
references
0
reference_url http://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
url http://framework.zend.com/security/advisory/ZF2015-09
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.17
purl pkg:composer/zendframework/zendframework1@1.12.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xx4-77e9-pfbb
1
vulnerability VCID-bjvu-jg9w-mqdd
2
vulnerability VCID-n2gy-93nd-gber
3
vulnerability VCID-rc3w-5r97-k3b3
4
vulnerability VCID-sjw9-2fwe-5ybg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.17
aliases GMS-2015-49
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q73m-16a9-rkgx
6
url VCID-q74z-645k-c7dk
vulnerability_id VCID-q74z-645k-c7dk
summary 
Security Misconfiguration Vulnerability
Doctrine uses `mkdir($cacheDirectory )` to create caches directories. if your application runs with a umask of
references
0
reference_url http://framework.zend.com/security/advisory/ZF2015-07
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://framework.zend.com/security/advisory/ZF2015-07
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5723
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10261
published_at 2026-06-05T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10216
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5723
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
4
reference_url https://framework.zend.com/security/advisory/ZF2015-07
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2015-07
5
reference_url https://github.com/aws/aws-sdk-php/releases/tag/3.2.1
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/aws-sdk-php/releases/tag/3.2.1
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2015-5723.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/cache/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/cache/CVE-2015-5723.yaml
8
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/orm/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/orm/CVE-2015-5723.yaml
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-cache/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-cache/CVE-2015-5723.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5723.yaml
11
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5723.yaml
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zfcampus/zf-apigility-doctrine/CVE-2015-5723.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zfcampus/zf-apigility-doctrine/CVE-2015-5723.yaml
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5723
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5723
18
reference_url https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
19
reference_url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5723
reference_id
reference_type
scores
url http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5723
20
reference_url http://www.debian.org/security/2015/dsa-3369
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3369
21
reference_url http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.16
purl pkg:composer/zendframework/zendframework1@1.12.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xx4-77e9-pfbb
1
vulnerability VCID-8atm-865q-mkf3
2
vulnerability VCID-bjvu-jg9w-mqdd
3
vulnerability VCID-n2gy-93nd-gber
4
vulnerability VCID-q73m-16a9-rkgx
5
vulnerability VCID-rc3w-5r97-k3b3
6
vulnerability VCID-sjw9-2fwe-5ybg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.16
aliases CVE-2015-5723, GHSA-pw5c-xqf2-6xc2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q74z-645k-c7dk
7
url VCID-rc3w-5r97-k3b3
vulnerability_id VCID-rc3w-5r97-k3b3
summary 
Potential SQL injection in ORDER and GROUP functions
The implementation of ORDER BY and GROUP BY in `Zend_Db_Select` is prone to SQL injection when a combination of SQL expressions and comments are used.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2016-03
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2016-03
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.20
purl pkg:composer/zendframework/zendframework1@1.12.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.20
aliases ZF2016-03
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rc3w-5r97-k3b3
8
url VCID-sjw9-2fwe-5ybg
vulnerability_id VCID-sjw9-2fwe-5ybg
summary 
Potential Insufficient Entropy
There are several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. Moreover, there's a potential security issue in the usage of the `openssl_random_pseudo_bytes()` function in `Zend_Crypt_Math::randBytes`, reported in PHP BUG #70014, and the security implications reported in a discussion on the `random_compat` library.
references
0
reference_url http://framework.zend.com/security/advisory/ZF2016-01
reference_id
reference_type
scores
url http://framework.zend.com/security/advisory/ZF2016-01
1
reference_url https://bugs.php.net/bug.php?id=70014
reference_id
reference_type
scores
url https://bugs.php.net/bug.php?id=70014
2
reference_url https://github.com/paragonie/random_compat/issues/96
reference_id
reference_type
scores
url https://github.com/paragonie/random_compat/issues/96
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.18
purl pkg:composer/zendframework/zendframework1@1.12.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xx4-77e9-pfbb
1
vulnerability VCID-bjvu-jg9w-mqdd
2
vulnerability VCID-rc3w-5r97-k3b3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.18
aliases ZF2016-11
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sjw9-2fwe-5ybg
9
url VCID-uvgx-4m6v-2bg7
vulnerability_id VCID-uvgx-4m6v-2bg7
summary 
SQL injection vector using null byte for PDO
The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection. This only impacts MsSql and SQLite adapters.
references
0
reference_url http://framework.zend.com/security/advisory/ZF2015-08
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://framework.zend.com/security/advisory/ZF2015-08
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7695
reference_id
reference_type
scores
0
value 0.02248
scoring_system epss
scoring_elements 0.84906
published_at 2026-06-05T12:55:00Z
1
value 0.02248
scoring_system epss
scoring_elements 0.84884
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7695
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
4
reference_url https://github.com/zendframework/zf1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zf1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7695
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7695
6
reference_url http://www.debian.org/security/2015/dsa-3369
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3369
7
reference_url http://www.openwall.com/lists/oss-security/2015/09/30/6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/09/30/6
8
reference_url http://www.openwall.com/lists/oss-security/2015/09/30/8
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/09/30/8
9
reference_url http://www.openwall.com/lists/oss-security/2015/10/11/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/10/11/3
10
reference_url http://www.securityfocus.com/bid/76784
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/76784
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.16
purl pkg:composer/zendframework/zendframework1@1.12.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xx4-77e9-pfbb
1
vulnerability VCID-8atm-865q-mkf3
2
vulnerability VCID-bjvu-jg9w-mqdd
3
vulnerability VCID-n2gy-93nd-gber
4
vulnerability VCID-q73m-16a9-rkgx
5
vulnerability VCID-rc3w-5r97-k3b3
6
vulnerability VCID-sjw9-2fwe-5ybg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.16
aliases CVE-2015-7695, GHSA-2hvh-c5c2-vj85
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uvgx-4m6v-2bg7
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.15