Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/52407?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/52407?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.17", "type": "composer", "namespace": "zendframework", "name": "zendframework1", "version": "1.12.17", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.12.20", "latest_non_vulnerable_version": "1.12.20", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38158?format=api", "vulnerability_id": "VCID-2xx4-77e9-pfbb", "summary": "Potential SQL injection\nThe implementation of `ORDER BY` and `GROUP BY` in `Zend_Db_Select` of ZF1 is vulnerable by the following SQL injection.", "references": [ { "reference_url": "https://framework.zend.com/security/advisory/ZF2016-02", "reference_id": "", "reference_type": "", "scores": [], "url": "https://framework.zend.com/security/advisory/ZF2016-02" }, { "reference_url": "https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52823?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rc3w-5r97-k3b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.19" } ], "aliases": [ "ZF2016-02" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xx4-77e9-pfbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38482?format=api", "vulnerability_id": "VCID-bjvu-jg9w-mqdd", "summary": "SQL Injection\nThe (1) order and (2) group methods in Zend_Db_Select in the Zend Framework might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern `[\\w]*` in a regular expression.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01724", "scoring_system": "epss", "scoring_elements": "0.82763", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6233" }, { "reference_url": "https://framework.zend.com/security/advisory/ZF2016-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://framework.zend.com/security/advisory/ZF2016-02" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2016-6233.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2016-6233.yaml" }, { "reference_url": "https://github.com/zendframework/zendframework", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zendframework/zendframework" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT" }, { "reference_url": "https://security.gentoo.org/glsa/201804-10", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201804-10" }, { "reference_url": "https://web.archive.org/web/20210123152547/http://www.securityfocus.com/bid/91802", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123152547/http://www.securityfocus.com/bid/91802" }, { "reference_url": "http://www.securityfocus.com/bid/91802", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/91802" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6233", "reference_id": "CVE-2016-6233", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6233" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52823?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-rc3w-5r97-k3b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.19" } ], "aliases": [ "CVE-2016-6233", "GHSA-p9hp-3gpv-52w3" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bjvu-jg9w-mqdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38088?format=api", "vulnerability_id": "VCID-n2gy-93nd-gber", "summary": "Potential Insufficient Entropy Vulnerability in ZF1.", "references": [ { "reference_url": "https://framework.zend.com/security/advisory/ZF2016-01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://framework.zend.com/security/advisory/ZF2016-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52645?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xx4-77e9-pfbb" }, { "vulnerability": "VCID-bjvu-jg9w-mqdd" }, { "vulnerability": "VCID-rc3w-5r97-k3b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.18" } ], "aliases": [ "ZF2016-01" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n2gy-93nd-gber" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38208?format=api", "vulnerability_id": "VCID-rc3w-5r97-k3b3", "summary": "Potential SQL injection in ORDER and GROUP functions\nThe implementation of ORDER BY and GROUP BY in `Zend_Db_Select` is prone to SQL injection when a combination of SQL expressions and comments are used.", "references": [ { "reference_url": "https://framework.zend.com/security/advisory/ZF2016-03", "reference_id": "", "reference_type": "", "scores": [], "url": "https://framework.zend.com/security/advisory/ZF2016-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52880?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.20", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.20" } ], "aliases": [ "ZF2016-03" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rc3w-5r97-k3b3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38087?format=api", "vulnerability_id": "VCID-sjw9-2fwe-5ybg", "summary": "Potential Insufficient Entropy\nThere are several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. Moreover, there's a potential security issue in the usage of the `openssl_random_pseudo_bytes()` function in `Zend_Crypt_Math::randBytes`, reported in PHP BUG #70014, and the security implications reported in a discussion on the `random_compat` library.", "references": [ { "reference_url": "http://framework.zend.com/security/advisory/ZF2016-01", "reference_id": "", "reference_type": "", "scores": [], "url": "http://framework.zend.com/security/advisory/ZF2016-01" }, { "reference_url": "https://bugs.php.net/bug.php?id=70014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.php.net/bug.php?id=70014" }, { "reference_url": "https://github.com/paragonie/random_compat/issues/96", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/paragonie/random_compat/issues/96" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52645?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.18", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xx4-77e9-pfbb" }, { "vulnerability": "VCID-bjvu-jg9w-mqdd" }, { "vulnerability": "VCID-rc3w-5r97-k3b3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.18" } ], "aliases": [ "ZF2016-11" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sjw9-2fwe-5ybg" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37948?format=api", "vulnerability_id": "VCID-8atm-865q-mkf3", "summary": "Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\\Captcha\\Word`.", "references": [ { "reference_url": "https://framework.zend.com/security/advisory/ZF2015-09", "reference_id": "", "reference_type": "", "scores": [], "url": "https://framework.zend.com/security/advisory/ZF2015-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52407?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xx4-77e9-pfbb" }, { "vulnerability": "VCID-bjvu-jg9w-mqdd" }, { "vulnerability": "VCID-n2gy-93nd-gber" }, { "vulnerability": "VCID-rc3w-5r97-k3b3" }, { "vulnerability": "VCID-sjw9-2fwe-5ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.17" } ], "aliases": [ "ZF2015-09" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8atm-865q-mkf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55292?format=api", "vulnerability_id": "VCID-h5yf-ahec-gbgx", "summary": "Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability\nIn Zend Framework, Zend_Captcha_Word (v1) and Zend\\Captcha\\Word (v2) generate a \"word\" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal array_rand() function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as openssl_pseudo_random_bytes(). This could potentially lead to information disclosure should an attacker be able to brute force the random number generation.", "references": [ { "reference_url": "https://framework.zend.com/security/advisory/ZF2015-09", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://framework.zend.com/security/advisory/ZF2015-09" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2015-09.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2015-09.yaml" }, { "reference_url": "https://github.com/zendframework/zf1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zendframework/zf1" }, { "reference_url": "https://github.com/advisories/GHSA-848f-mph5-9pm9", "reference_id": "GHSA-848f-mph5-9pm9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-848f-mph5-9pm9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52407?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xx4-77e9-pfbb" }, { "vulnerability": "VCID-bjvu-jg9w-mqdd" }, { "vulnerability": "VCID-n2gy-93nd-gber" }, { "vulnerability": "VCID-rc3w-5r97-k3b3" }, { "vulnerability": "VCID-sjw9-2fwe-5ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.17" } ], "aliases": [ "GHSA-848f-mph5-9pm9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h5yf-ahec-gbgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37953?format=api", "vulnerability_id": "VCID-q73m-16a9-rkgx", "summary": "Potential Information Disclosure and Insufficient Entropy in Zend\\Captcha\\Word\nZend generates a \"word\" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.", "references": [ { "reference_url": "http://framework.zend.com/security/advisory/ZF2015-09", "reference_id": "", "reference_type": "", "scores": [], "url": "http://framework.zend.com/security/advisory/ZF2015-09" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52407?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xx4-77e9-pfbb" }, { "vulnerability": "VCID-bjvu-jg9w-mqdd" }, { "vulnerability": "VCID-n2gy-93nd-gber" }, { "vulnerability": "VCID-rc3w-5r97-k3b3" }, { "vulnerability": "VCID-sjw9-2fwe-5ybg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.17" } ], "aliases": [ "GMS-2015-49" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q73m-16a9-rkgx" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.17" }