Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/63559?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/63559?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.0-rc1", "type": "composer", "namespace": "zendframework", "name": "zendframework1", "version": "1.12.0-rc1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.12.20", "latest_non_vulnerable_version": "1.12.20", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111046?format=api", "vulnerability_id": "VCID-4f52-bffk-eug2", "summary": "Zend Framework XEE Vulnerability\n(1) `Zend_Dom`, (2) `Zend_Feed`, (3) `Zend_Soap`, and (4) `Zend_XmlRpc` in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.", "references": [ { "reference_url": "http://framework.zend.com/security/advisory/ZF2012-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://framework.zend.com/security/advisory/ZF2012-02" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6532", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.65144", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00474", "scoring_system": "epss", "scoring_elements": "0.65101", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6532" }, { "reference_url": "https://github.com/zendframework/zf1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zendframework/zf1" }, { "reference_url": "https://github.com/zendframework/zf1/commit/1b5e86183a72b7b10b6c89e4f95f08c5da9716db", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zendframework/zf1/commit/1b5e86183a72b7b10b6c89e4f95f08c5da9716db" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6532", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6532" }, { "reference_url": "https://web.archive.org/web/20131101014013/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:115/?name=MDVSA-2013:115", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131101014013/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:115/?name=MDVSA-2013:115" }, { "reference_url": "https://github.com/advisories/GHSA-jh4x-4wmf-67pr", "reference_id": "GHSA-jh4x-4wmf-67pr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jh4x-4wmf-67pr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51134?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ncq-wptr-k3ha" }, { "vulnerability": "VCID-2xx4-77e9-pfbb" }, { "vulnerability": "VCID-5bm4-grk6-w7hk" }, { "vulnerability": "VCID-649h-2f2f-nbam" }, { "vulnerability": "VCID-6fzg-den8-rqc8" }, { "vulnerability": "VCID-6xpr-93ef-27cu" }, { "vulnerability": "VCID-8atm-865q-mkf3" }, { "vulnerability": "VCID-9bm9-b48z-zqcm" }, { "vulnerability": "VCID-a72a-7k6u-rqgr" }, { "vulnerability": "VCID-afnn-53q5-wqft" }, { "vulnerability": "VCID-b1da-n1u7-43hj" }, { "vulnerability": "VCID-bjvu-jg9w-mqdd" }, { "vulnerability": "VCID-c8kp-n8m3-2khe" }, { "vulnerability": "VCID-cp1a-fprd-9fhk" }, { "vulnerability": "VCID-e9ut-smfp-7yb4" }, { "vulnerability": "VCID-grk8-aj34-hqb4" }, { "vulnerability": "VCID-h5yf-ahec-gbgx" }, { "vulnerability": "VCID-j5kg-jzxz-ruam" }, { "vulnerability": "VCID-n2gy-93nd-gber" }, { "vulnerability": "VCID-njsg-e1w1-9qcy" }, { "vulnerability": "VCID-nsuf-xar5-f3hj" }, { "vulnerability": "VCID-ps73-776n-zffn" }, { "vulnerability": "VCID-q73m-16a9-rkgx" }, { "vulnerability": "VCID-q74z-645k-c7dk" }, { "vulnerability": "VCID-r5y8-nc2w-kqde" }, { "vulnerability": "VCID-rc3w-5r97-k3b3" }, { "vulnerability": "VCID-sjw9-2fwe-5ybg" }, { "vulnerability": "VCID-tpdc-c3mz-zyd2" }, { "vulnerability": "VCID-uvgx-4m6v-2bg7" }, { "vulnerability": "VCID-wkkp-82dc-huhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0" } ], "aliases": [ "CVE-2012-6532", "GHSA-jh4x-4wmf-67pr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4f52-bffk-eug2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111422?format=api", "vulnerability_id": "VCID-nkxr-brbk-x7dj", "summary": "Zend Framework XEE Vulnerability\n(1) `Zend_Dom`, (2) `Zend_Feed`, and (3) `Zend_Soap` in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6531", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00905", "scoring_system": "epss", "scoring_elements": "0.76146", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00905", "scoring_system": "epss", "scoring_elements": "0.76121", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6531" }, { "reference_url": "https://github.com/zendframework/zf1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zendframework/zf1" }, { "reference_url": "https://github.com/zendframework/zf1/commit/1b5e86183a72b7b10b6c89e4f95f08c5da9716db", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zendframework/zf1/commit/1b5e86183a72b7b10b6c89e4f95f08c5da9716db" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6531", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6531" }, { "reference_url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2505", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2505" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/06/26/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/06/26/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/06/27/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/06/27/2" }, { "reference_url": "https://github.com/advisories/GHSA-h5p3-7mg6-hgj4", "reference_id": "GHSA-h5p3-7mg6-hgj4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h5p3-7mg6-hgj4" }, { "reference_url": "http://framework.zend.com/security/advisory/ZF2012-01", "reference_id": "OSVDB-83221;CVE-2012-3363", "reference_type": "exploit", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://framework.zend.com/security/advisory/ZF2012-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51134?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ncq-wptr-k3ha" }, { "vulnerability": "VCID-2xx4-77e9-pfbb" }, { "vulnerability": "VCID-5bm4-grk6-w7hk" }, { "vulnerability": "VCID-649h-2f2f-nbam" }, { "vulnerability": "VCID-6fzg-den8-rqc8" }, { "vulnerability": "VCID-6xpr-93ef-27cu" }, { "vulnerability": "VCID-8atm-865q-mkf3" }, { "vulnerability": "VCID-9bm9-b48z-zqcm" }, { "vulnerability": "VCID-a72a-7k6u-rqgr" }, { "vulnerability": "VCID-afnn-53q5-wqft" }, { "vulnerability": "VCID-b1da-n1u7-43hj" }, { "vulnerability": "VCID-bjvu-jg9w-mqdd" }, { "vulnerability": "VCID-c8kp-n8m3-2khe" }, { "vulnerability": "VCID-cp1a-fprd-9fhk" }, { "vulnerability": "VCID-e9ut-smfp-7yb4" }, { "vulnerability": "VCID-grk8-aj34-hqb4" }, { "vulnerability": "VCID-h5yf-ahec-gbgx" }, { "vulnerability": "VCID-j5kg-jzxz-ruam" }, { "vulnerability": "VCID-n2gy-93nd-gber" }, { "vulnerability": "VCID-njsg-e1w1-9qcy" }, { "vulnerability": "VCID-nsuf-xar5-f3hj" }, { "vulnerability": "VCID-ps73-776n-zffn" }, { "vulnerability": "VCID-q73m-16a9-rkgx" }, { "vulnerability": "VCID-q74z-645k-c7dk" }, { "vulnerability": "VCID-r5y8-nc2w-kqde" }, { "vulnerability": "VCID-rc3w-5r97-k3b3" }, { "vulnerability": "VCID-sjw9-2fwe-5ybg" }, { "vulnerability": "VCID-tpdc-c3mz-zyd2" }, { "vulnerability": "VCID-uvgx-4m6v-2bg7" }, { "vulnerability": "VCID-wkkp-82dc-huhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0" } ], "aliases": [ "CVE-2012-6531", "GHSA-h5p3-7mg6-hgj4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nkxr-brbk-x7dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112405?format=api", "vulnerability_id": "VCID-nsuf-xar5-f3hj", "summary": "Zend Framework XXE Vulnerability\nThe (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.", "references": [ { "reference_url": "http://framework.zend.com/security/advisory/ZF2012-05", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://framework.zend.com/security/advisory/ZF2012-05" }, { "reference_url": "http://openwall.com/lists/oss-security/2012/12/20/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2012/12/20/2" }, { "reference_url": "http://openwall.com/lists/oss-security/2012/12/20/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2012/12/20/4" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5657", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00719", "scoring_system": "epss", "scoring_elements": "0.72866", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00719", "scoring_system": "epss", "scoring_elements": "0.72828", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5657" }, { "reference_url": "https://github.com/zendframework/zf1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zendframework/zf1" }, { "reference_url": "https://github.com/zendframework/zf1/commit/15c84914f063efea49ea1c4425459a792cc185ea", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zendframework/zf1/commit/15c84914f063efea49ea1c4425459a792cc185ea" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5657", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5657" }, { "reference_url": "https://web.archive.org/web/20131101014013/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:115/?name=MDVSA-2013:115", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131101014013/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:115/?name=MDVSA-2013:115" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2602", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2602" }, { "reference_url": "https://github.com/advisories/GHSA-9m5v-vq4f-mrvf", "reference_id": "GHSA-9m5v-vq4f-mrvf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9m5v-vq4f-mrvf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51343?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ncq-wptr-k3ha" }, { "vulnerability": "VCID-2xx4-77e9-pfbb" }, { "vulnerability": "VCID-5bm4-grk6-w7hk" }, { "vulnerability": "VCID-649h-2f2f-nbam" }, { "vulnerability": "VCID-6fzg-den8-rqc8" }, { "vulnerability": "VCID-6xpr-93ef-27cu" }, { "vulnerability": "VCID-8atm-865q-mkf3" }, { "vulnerability": "VCID-9bm9-b48z-zqcm" }, { "vulnerability": "VCID-a72a-7k6u-rqgr" }, { "vulnerability": "VCID-afnn-53q5-wqft" }, { "vulnerability": "VCID-b1da-n1u7-43hj" }, { "vulnerability": "VCID-bjvu-jg9w-mqdd" }, { "vulnerability": "VCID-c8kp-n8m3-2khe" }, { "vulnerability": "VCID-e9ut-smfp-7yb4" }, { "vulnerability": "VCID-grk8-aj34-hqb4" }, { "vulnerability": "VCID-h5yf-ahec-gbgx" }, { "vulnerability": "VCID-n2gy-93nd-gber" }, { "vulnerability": "VCID-njsg-e1w1-9qcy" }, { "vulnerability": "VCID-ps73-776n-zffn" }, { "vulnerability": "VCID-q73m-16a9-rkgx" }, { "vulnerability": "VCID-q74z-645k-c7dk" }, { "vulnerability": "VCID-r5y8-nc2w-kqde" }, { "vulnerability": "VCID-rc3w-5r97-k3b3" }, { "vulnerability": "VCID-sjw9-2fwe-5ybg" }, { "vulnerability": "VCID-tpdc-c3mz-zyd2" }, { "vulnerability": "VCID-uvgx-4m6v-2bg7" }, { "vulnerability": "VCID-wkkp-82dc-huhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.1" } ], "aliases": [ "CVE-2012-5657", "GHSA-9m5v-vq4f-mrvf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nsuf-xar5-f3hj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44186?format=api", "vulnerability_id": "VCID-wbb2-mubf-ukhk", "summary": "Zend Framework XXE Vulnerability\nZend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34284", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34284" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/03/25/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/" } ], "url": "http://openwall.com/lists/oss-security/2013/03/25/2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.55118", "scoring_system": "epss", "scoring_elements": "0.98097", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.55118", "scoring_system": "epss", "scoring_elements": "0.98098", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3363" }, { "reference_url": "https://github.com/zendframework/zf1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zendframework/zf1" }, { "reference_url": "https://github.com/zendframework/zf1/commit/281a3251d71ed40a5289ec4afc355eea8e014dc5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zendframework/zf1/commit/281a3251d71ed40a5289ec4afc355eea8e014dc5" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=225345", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=225345" }, { "reference_url": "https://web.archive.org/web/20170223044943/http://www.securitytracker.com/id?1027208", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170223044943/http://www.securitytracker.com/id?1027208" }, { "reference_url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/" } ], "url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2505", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/" } ], "url": "http://www.debian.org/security/2012/dsa-2505" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/06/26/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/06/26/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/06/27/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2012/06/27/2" }, { "reference_url": "http://www.securitytracker.com/id?1027208", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/" } ], "url": "http://www.securitytracker.com/id?1027208" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3363", "reference_id": "CVE-2012-3363", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3363" }, { "reference_url": "https://github.com/advisories/GHSA-7pg4-5233-82jv", "reference_id": "GHSA-7pg4-5233-82jv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7pg4-5233-82jv" }, { "reference_url": "http://framework.zend.com/security/advisory/ZF2012-01", "reference_id": "OSVDB-83221;CVE-2012-3363", "reference_type": "exploit", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/" } ], "url": "http://framework.zend.com/security/advisory/ZF2012-01" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/19408.txt", "reference_id": "OSVDB-83221;CVE-2012-3363", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/19408.txt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51134?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ncq-wptr-k3ha" }, { "vulnerability": "VCID-2xx4-77e9-pfbb" }, { "vulnerability": "VCID-5bm4-grk6-w7hk" }, { "vulnerability": "VCID-649h-2f2f-nbam" }, { "vulnerability": "VCID-6fzg-den8-rqc8" }, { "vulnerability": "VCID-6xpr-93ef-27cu" }, { "vulnerability": "VCID-8atm-865q-mkf3" }, { "vulnerability": "VCID-9bm9-b48z-zqcm" }, { "vulnerability": "VCID-a72a-7k6u-rqgr" }, { "vulnerability": "VCID-afnn-53q5-wqft" }, { "vulnerability": "VCID-b1da-n1u7-43hj" }, { "vulnerability": "VCID-bjvu-jg9w-mqdd" }, { "vulnerability": "VCID-c8kp-n8m3-2khe" }, { "vulnerability": "VCID-cp1a-fprd-9fhk" }, { "vulnerability": "VCID-e9ut-smfp-7yb4" }, { "vulnerability": "VCID-grk8-aj34-hqb4" }, { "vulnerability": "VCID-h5yf-ahec-gbgx" }, { "vulnerability": "VCID-j5kg-jzxz-ruam" }, { "vulnerability": "VCID-n2gy-93nd-gber" }, { "vulnerability": "VCID-njsg-e1w1-9qcy" }, { "vulnerability": "VCID-nsuf-xar5-f3hj" }, { "vulnerability": "VCID-ps73-776n-zffn" }, { "vulnerability": "VCID-q73m-16a9-rkgx" }, { "vulnerability": "VCID-q74z-645k-c7dk" }, { "vulnerability": "VCID-r5y8-nc2w-kqde" }, { "vulnerability": "VCID-rc3w-5r97-k3b3" }, { "vulnerability": "VCID-sjw9-2fwe-5ybg" }, { "vulnerability": "VCID-tpdc-c3mz-zyd2" }, { "vulnerability": "VCID-uvgx-4m6v-2bg7" }, { "vulnerability": "VCID-wkkp-82dc-huhr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0" } ], "aliases": [ "CVE-2012-3363", "GHSA-7pg4-5233-82jv" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbb2-mubf-ukhk" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0-rc1" }