Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/111422?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111422?format=api", "vulnerability_id": "VCID-nkxr-brbk-x7dj", "summary": "Zend Framework XEE Vulnerability\n(1) `Zend_Dom`, (2) `Zend_Feed`, and (3) `Zend_Soap` in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.", "aliases": [ { "alias": "CVE-2012-6531" }, { "alias": "GHSA-h5p3-7mg6-hgj4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51134?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ncq-wptr-k3ha" }, { "vulnerability": "VCID-2xx4-77e9-pfbb" }, { "vulnerability": "VCID-5bm4-grk6-w7hk" }, { "vulnerability": "VCID-649h-2f2f-nbam" }, { "vulnerability": "VCID-6xpr-93ef-27cu" }, { "vulnerability": "VCID-8atm-865q-mkf3" }, { "vulnerability": "VCID-9bm9-b48z-zqcm" }, { "vulnerability": "VCID-a72a-7k6u-rqgr" }, { "vulnerability": "VCID-afnn-53q5-wqft" }, { "vulnerability": "VCID-b1da-n1u7-43hj" }, { "vulnerability": "VCID-bjvu-jg9w-mqdd" }, { "vulnerability": "VCID-cp1a-fprd-9fhk" }, { "vulnerability": "VCID-e9ut-smfp-7yb4" }, { "vulnerability": "VCID-grk8-aj34-hqb4" }, { "vulnerability": "VCID-h5yf-ahec-gbgx" }, { "vulnerability": "VCID-j5kg-jzxz-ruam" }, { "vulnerability": "VCID-n2gy-93nd-gber" }, { "vulnerability": "VCID-njsg-e1w1-9qcy" }, { "vulnerability": "VCID-ps73-776n-zffn" }, { "vulnerability": "VCID-q73m-16a9-rkgx" }, { "vulnerability": "VCID-q74z-645k-c7dk" }, { "vulnerability": "VCID-r5y8-nc2w-kqde" }, { "vulnerability": "VCID-rc3w-5r97-k3b3" }, { "vulnerability": "VCID-sjw9-2fwe-5ybg" }, { "vulnerability": "VCID-uvgx-4m6v-2bg7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51261?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f52-bffk-eug2" }, { "vulnerability": "VCID-4y4f-z31m-dqaz" }, { "vulnerability": "VCID-bcxw-3gm9-akfv" }, { "vulnerability": "VCID-bm9s-eke4-tfhk" }, { "vulnerability": "VCID-f7rw-4dqp-pqgb" }, { "vulnerability": "VCID-nkxr-brbk-x7dj" }, { "vulnerability": "VCID-nyxj-v79u-qka4" }, { "vulnerability": "VCID-wbb2-mubf-ukhk" }, { "vulnerability": "VCID-zjcy-kx8e-ayeq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63559?format=api", "purl": "pkg:composer/zendframework/zendframework1@1.12.0-rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4f52-bffk-eug2" }, { "vulnerability": "VCID-nkxr-brbk-x7dj" }, { "vulnerability": "VCID-nsuf-xar5-f3hj" }, { "vulnerability": "VCID-wbb2-mubf-ukhk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0-rc1" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6531", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00905", "scoring_system": "epss", "scoring_elements": "0.76121", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6531" }, { "reference_url": "https://github.com/zendframework/zf1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zendframework/zf1" }, { "reference_url": "https://github.com/zendframework/zf1/commit/1b5e86183a72b7b10b6c89e4f95f08c5da9716db", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/zendframework/zf1/commit/1b5e86183a72b7b10b6c89e4f95f08c5da9716db" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6531", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6531" }, { "reference_url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2505", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2505" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/06/26/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/06/26/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/06/26/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/06/27/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/06/27/2" }, { "reference_url": "https://github.com/advisories/GHSA-h5p3-7mg6-hgj4", "reference_id": "GHSA-h5p3-7mg6-hgj4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h5p3-7mg6-hgj4" }, { "reference_url": "http://framework.zend.com/security/advisory/ZF2012-01", "reference_id": "OSVDB-83221;CVE-2012-3363", "reference_type": "exploit", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://framework.zend.com/security/advisory/ZF2012-01" } ], "weaknesses": [ { "cwe_id": 776, "name": "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", "description": "The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 20, "name": "Improper Input Validation", "description": "The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nkxr-brbk-x7dj" }