Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/zendframework/zendframework@2.4.0

Type composer

Namespace zendframework

Name zendframework

Version 2.4.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.5.2

Latest_non_vulnerable_version 2.5.2

Affected_by_vulnerabilities

url VCID-5bm4-grk6-w7hk

vulnerability_id VCID-5bm4-grk6-w7hk

summary

CRLF Injection
Potential CRLF injection attacks in mail and HTTP headers.

references

reference_url	http://framework.zend.com/security/advisory/ZF2015-04
reference_id
reference_type
scores
url	http://framework.zend.com/security/advisory/ZF2015-04

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3154

reference_id

reference_type

scores

value	0.00274
scoring_system	epss
scoring_elements	0.51029
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3154

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154

reference_url

https://framework.zend.com/security/advisory/ZF2015-04

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2015-04

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-3154.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-3154.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-3154.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-3154.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-http/CVE-2015-3154.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-http/CVE-2015-3154.yaml

reference_url

https://github.com/zendframework/zendframework

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zendframework

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-3154

reference_id

CVE-2015-3154

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3154

fixed_packages

url pkg:composer/zendframework/zendframework@2.4.1

purl pkg:composer/zendframework/zendframework@2.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-8fwb-56kb-jubf

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-qs6q-pjks-euh4

vulnerability	VCID-vmut-b2y4-rkcp

vulnerability	VCID-wz4g-j8zt-ruff

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.1

aliases CVE-2015-3154, GHSA-5957-5crx-79jx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bm4-grk6-w7hk

url VCID-8atm-865q-mkf3

vulnerability_id VCID-8atm-865q-mkf3

summary Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.

references

reference_url	https://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2015-09

fixed_packages

url pkg:composer/zendframework/zendframework@2.4.9

purl pkg:composer/zendframework/zendframework@2.4.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qs6q-pjks-euh4

vulnerability	VCID-wz4g-j8zt-ruff

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.9

url pkg:composer/zendframework/zendframework@2.5.0

purl pkg:composer/zendframework/zendframework@2.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8fwb-56kb-jubf

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-vmut-b2y4-rkcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.0

aliases ZF2015-09

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8atm-865q-mkf3

url VCID-8fwb-56kb-jubf

vulnerability_id VCID-8fwb-56kb-jubf

summary

Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey
Zend\Crypt\PublicKey\Rsa\PublicKey has a call to `openssl_public_encrypt()` which uses PHP's default `$padding` argument, which specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the Bleichenbacher's chosen-ciphertext attack, which can be used to decrypt arbitrary ciphertexts. Users should upgrade to a fixed version unless there are not using the RSA public key functionality.

references

reference_url	http://framework.zend.com/security/advisory/ZF2015-10
reference_id
reference_type
scores
url	http://framework.zend.com/security/advisory/ZF2015-10

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7503

reference_id

reference_type

scores

value	0.00249
scoring_system	epss
scoring_elements	0.48349
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7503

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1283137

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1283137

reference_url

https://framework.zend.com/security/advisory/ZF2015-10

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2015-10

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-crypt/CVE-2015-7503.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-crypt/CVE-2015-7503.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-7503.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-7503.yaml

reference_url

https://github.com/zendframework/zendframework

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zendframework

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7503

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7503

fixed_packages

url pkg:composer/zendframework/zendframework@2.4.9

purl pkg:composer/zendframework/zendframework@2.4.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qs6q-pjks-euh4

vulnerability	VCID-wz4g-j8zt-ruff

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.9

url	pkg:composer/zendframework/zendframework@2.5.2
purl	pkg:composer/zendframework/zendframework@2.5.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.2

aliases CVE-2015-7503, GHSA-pm9m-w23q-5967

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8fwb-56kb-jubf

url VCID-njsg-e1w1-9qcy

vulnerability_id VCID-njsg-e1w1-9qcy

summary

XXE/XEE vulnerability via multibyte payloads
There's a flow that allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters. This only apply when running under PHP-FPM in a threaded environment.

references

reference_url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
reference_id
reference_type
scores
url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161

reference_url

http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html

reference_url

http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5161

reference_id

reference_type

scores

value	0.39093
scoring_system	epss
scoring_elements	0.97355
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5161

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161

reference_url

http://seclists.org/fulldisclosure/2015/Aug/46

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2015/Aug/46

reference_url

https://framework.zend.com/security/advisory/ZF2015-06

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2015-06

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5161.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5161.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5161.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5161.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendxml/CVE-2015-5161.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendxml/CVE-2015-5161.yaml

reference_url

https://github.com/zendframework/ZendXml/commit/79f478fa2af85ce1fc18ac132dee5aa714c3b532

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/ZendXml/commit/79f478fa2af85ce1fc18ac132dee5aa714c3b532

reference_url

https://github.com/zendframework/zf1/commit/ff7edddf1410b44b5ead857c02698aad9f748d1b

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zf1/commit/ff7edddf1410b44b5ead857c02698aad9f748d1b

reference_url

https://github.com/zendframework/zf1/issues/393

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zf1/issues/393

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5161

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5161

reference_url

https://web.archive.org/web/20200228055156/http://www.securityfocus.com/bid/76177

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228055156/http://www.securityfocus.com/bid/76177

reference_url

https://www.exploit-db.com/exploits/37765

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/37765

reference_url

http://www.debian.org/security/2015/dsa-3340

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2015/dsa-3340

reference_url

http://www.securityfocus.com/bid/76177

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/76177

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/37765.txt
reference_id	CVE-2015-5161
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/37765.txt

reference_url

http://framework.zend.com/security/advisory/ZF2015-06

reference_id

CVE-2015-5161;OSVDB-125783

reference_type

exploit

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2015-06

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/38573.txt
reference_id	CVE-2015-5161;OSVDB-125783
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/38573.txt

fixed_packages

url pkg:composer/zendframework/zendframework@2.4.6

purl pkg:composer/zendframework/zendframework@2.4.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-8fwb-56kb-jubf

vulnerability	VCID-q74z-645k-c7dk

vulnerability	VCID-qs6q-pjks-euh4

vulnerability	VCID-vmut-b2y4-rkcp

vulnerability	VCID-wz4g-j8zt-ruff

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.6

url	pkg:composer/zendframework/zendframework@2.5.2
purl	pkg:composer/zendframework/zendframework@2.5.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.2

aliases CVE-2015-5161, GHSA-xp8p-9rq5-4wgv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njsg-e1w1-9qcy

url VCID-q74z-645k-c7dk

vulnerability_id VCID-q74z-645k-c7dk

summary

Security Misconfiguration Vulnerability
Doctrine uses `mkdir($cacheDirectory )` to create caches directories. if your application runs with a umask of

references

reference_url

http://framework.zend.com/security/advisory/ZF2015-07

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2015-07

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5723

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.10216
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7695

reference_url

https://framework.zend.com/security/advisory/ZF2015-07

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2015-07

reference_url

https://github.com/aws/aws-sdk-php/releases/tag/3.2.1

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/aws/aws-sdk-php/releases/tag/3.2.1

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/cache/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/cache/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/orm/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/doctrine/orm/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-cache/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-cache/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5723.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zfcampus/zf-apigility-doctrine/CVE-2015-5723.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zfcampus/zf-apigility-doctrine/CVE-2015-5723.yaml

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IUUC7HPN4XE5NNTG4MR76OC662XRZUO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HPS7A54FQ2CR6PH4NDR6UIYJIRNFXW67

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5723

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5723

reference_url

https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

reference_url	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5723
reference_id
reference_type
scores
url	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5723

reference_url

http://www.debian.org/security/2015/dsa-3369

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2015/dsa-3369

reference_url

http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

fixed_packages

url pkg:composer/zendframework/zendframework@2.4.8

purl pkg:composer/zendframework/zendframework@2.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-8fwb-56kb-jubf

vulnerability	VCID-qs6q-pjks-euh4

vulnerability	VCID-vmut-b2y4-rkcp

vulnerability	VCID-wz4g-j8zt-ruff

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.8

aliases CVE-2015-5723, GHSA-pw5c-xqf2-6xc2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q74z-645k-c7dk

url VCID-qs6q-pjks-euh4

vulnerability_id VCID-qs6q-pjks-euh4

summary

Remote code execution in zend-mail via Sendmail adapter
A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.

references

reference_url	https://framework.zend.com/security/advisory/ZF2016-04
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2016-04

fixed_packages

url pkg:composer/zendframework/zendframework@2.4.11

purl pkg:composer/zendframework/zendframework@2.4.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-wz4g-j8zt-ruff

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.11

url pkg:composer/zendframework/zendframework@2.5.0

purl pkg:composer/zendframework/zendframework@2.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8fwb-56kb-jubf

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-vmut-b2y4-rkcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.0

aliases ZF2016-04

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qs6q-pjks-euh4

url VCID-vmut-b2y4-rkcp

vulnerability_id VCID-vmut-b2y4-rkcp

summary

Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word
Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.

references

reference_url	http://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
url	http://framework.zend.com/security/advisory/ZF2015-09

fixed_packages

url pkg:composer/zendframework/zendframework@2.4.9

purl pkg:composer/zendframework/zendframework@2.4.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qs6q-pjks-euh4

vulnerability	VCID-wz4g-j8zt-ruff

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.9

url	pkg:composer/zendframework/zendframework@2.5.2
purl	pkg:composer/zendframework/zendframework@2.5.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.2

aliases GMS-2015-48

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vmut-b2y4-rkcp

url VCID-wz4g-j8zt-ruff

vulnerability_id VCID-wz4g-j8zt-ruff

summary

URL Redirection to Untrusted Site (Open Redirect)
URL Rewrite vulnerability.

references

reference_url	https://framework.zend.com/security/advisory/ZF2018-01
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2018-01

fixed_packages

url pkg:composer/zendframework/zendframework@2.5.0

purl pkg:composer/zendframework/zendframework@2.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8fwb-56kb-jubf

vulnerability	VCID-njsg-e1w1-9qcy

vulnerability	VCID-vmut-b2y4-rkcp

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.0

aliases ZF2018-01

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wz4g-j8zt-ruff

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.0

Package Instance