Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/zendframework/zendframework@2.4.7

Type composer

Namespace zendframework

Name zendframework

Version 2.4.7

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.5.2

Latest_non_vulnerable_version 2.5.2

Affected_by_vulnerabilities

url VCID-8atm-865q-mkf3

vulnerability_id VCID-8atm-865q-mkf3

summary Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.

references

reference_url	https://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2015-09

fixed_packages

url pkg:composer/zendframework/zendframework@2.4.9

purl pkg:composer/zendframework/zendframework@2.4.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qs6q-pjks-euh4

vulnerability	VCID-wz4g-j8zt-ruff

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.9

url pkg:composer/zendframework/zendframework@2.5.0

purl pkg:composer/zendframework/zendframework@2.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8fwb-56kb-jubf

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-vmut-b2y4-rkcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.0

aliases ZF2015-09

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8atm-865q-mkf3

url VCID-8fwb-56kb-jubf

vulnerability_id VCID-8fwb-56kb-jubf

summary

Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey
Zend\Crypt\PublicKey\Rsa\PublicKey has a call to `openssl_public_encrypt()` which uses PHP's default `$padding` argument, which specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the Bleichenbacher's chosen-ciphertext attack, which can be used to decrypt arbitrary ciphertexts. Users should upgrade to a fixed version unless there are not using the RSA public key functionality.

references

reference_url	http://framework.zend.com/security/advisory/ZF2015-10
reference_id
reference_type
scores
url	http://framework.zend.com/security/advisory/ZF2015-10

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7503

reference_id

reference_type

scores

value	0.00249
scoring_system	epss
scoring_elements	0.48349
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7503

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1283137

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1283137

reference_url

https://framework.zend.com/security/advisory/ZF2015-10

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2015-10

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-crypt/CVE-2015-7503.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-crypt/CVE-2015-7503.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-7503.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-7503.yaml

reference_url

https://github.com/zendframework/zendframework

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zendframework

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7503

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7503

fixed_packages

url pkg:composer/zendframework/zendframework@2.4.9

purl pkg:composer/zendframework/zendframework@2.4.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qs6q-pjks-euh4

vulnerability	VCID-wz4g-j8zt-ruff

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.9

url	pkg:composer/zendframework/zendframework@2.5.2
purl	pkg:composer/zendframework/zendframework@2.5.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.2

aliases CVE-2015-7503, GHSA-pm9m-w23q-5967

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8fwb-56kb-jubf

url VCID-q74z-645k-c7dk

vulnerability_id VCID-q74z-645k-c7dk

summary

Security Misconfiguration Vulnerability
Doctrine uses `mkdir($cacheDirectory )` to create caches directories. if your application runs with a umask of

references

reference_url

http://framework.zend.com/security/advisory/ZF2015-07

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2015-07

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5723

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.10216
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695

reference_url

https://framework.zend.com/security/advisory/ZF2015-07

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2015-07

reference_url

https://github.com/aws/aws-sdk-php/releases/tag/3.2.1

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/aws/aws-sdk-php/releases/tag/3.2.1

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/cache/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/cache/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/orm/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/orm/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-cache/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-cache/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zfcampus/zf-apigility-doctrine/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zfcampus/zf-apigility-doctrine/CVE-2015-5723.yaml

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5723

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5723

reference_url

https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

reference_url	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5723
reference_id
reference_type
scores
url	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5723

reference_url

http://www.debian.org/security/2015/dsa-3369

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2015/dsa-3369

reference_url

http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

fixed_packages

url pkg:composer/zendframework/zendframework@2.4.8

purl pkg:composer/zendframework/zendframework@2.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-8fwb-56kb-jubf

vulnerability	VCID-qs6q-pjks-euh4

vulnerability	VCID-vmut-b2y4-rkcp

vulnerability	VCID-wz4g-j8zt-ruff

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.8

aliases CVE-2015-5723, GHSA-pw5c-xqf2-6xc2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q74z-645k-c7dk

url VCID-qs6q-pjks-euh4

vulnerability_id VCID-qs6q-pjks-euh4

summary

Remote code execution in zend-mail via Sendmail adapter
A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.

references

reference_url	https://framework.zend.com/security/advisory/ZF2016-04
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2016-04

fixed_packages

url pkg:composer/zendframework/zendframework@2.4.11

purl pkg:composer/zendframework/zendframework@2.4.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wz4g-j8zt-ruff

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.11

url pkg:composer/zendframework/zendframework@2.5.0

purl pkg:composer/zendframework/zendframework@2.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8fwb-56kb-jubf

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-vmut-b2y4-rkcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.0

aliases ZF2016-04

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qs6q-pjks-euh4

url VCID-vmut-b2y4-rkcp

vulnerability_id VCID-vmut-b2y4-rkcp

summary

Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word
Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.

references

reference_url	http://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
url	http://framework.zend.com/security/advisory/ZF2015-09

fixed_packages

url pkg:composer/zendframework/zendframework@2.4.9

purl pkg:composer/zendframework/zendframework@2.4.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qs6q-pjks-euh4

vulnerability	VCID-wz4g-j8zt-ruff

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.9

url	pkg:composer/zendframework/zendframework@2.5.2
purl	pkg:composer/zendframework/zendframework@2.5.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.2

aliases GMS-2015-48

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vmut-b2y4-rkcp

url VCID-wz4g-j8zt-ruff

vulnerability_id VCID-wz4g-j8zt-ruff

summary

URL Redirection to Untrusted Site (Open Redirect)
URL Rewrite vulnerability.

references

reference_url	https://framework.zend.com/security/advisory/ZF2018-01
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2018-01

fixed_packages

url pkg:composer/zendframework/zendframework@2.5.0

purl pkg:composer/zendframework/zendframework@2.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8fwb-56kb-jubf

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-vmut-b2y4-rkcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.0

aliases ZF2018-01

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wz4g-j8zt-ruff

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.7

Package Instance