Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-wbb2-mubf-ukhk
Summary
Zend Framework XXE Vulnerability
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
Aliases
0
alias CVE-2012-3363
1
alias GHSA-7pg4-5233-82jv
Fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.0
purl pkg:composer/zendframework/zendframework1@1.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ncq-wptr-k3ha
1
vulnerability VCID-2xx4-77e9-pfbb
2
vulnerability VCID-5bm4-grk6-w7hk
3
vulnerability VCID-649h-2f2f-nbam
4
vulnerability VCID-6fzg-den8-rqc8
5
vulnerability VCID-6xpr-93ef-27cu
6
vulnerability VCID-8atm-865q-mkf3
7
vulnerability VCID-9bm9-b48z-zqcm
8
vulnerability VCID-a72a-7k6u-rqgr
9
vulnerability VCID-afnn-53q5-wqft
10
vulnerability VCID-b1da-n1u7-43hj
11
vulnerability VCID-bjvu-jg9w-mqdd
12
vulnerability VCID-c8kp-n8m3-2khe
13
vulnerability VCID-cp1a-fprd-9fhk
14
vulnerability VCID-e9ut-smfp-7yb4
15
vulnerability VCID-grk8-aj34-hqb4
16
vulnerability VCID-h5yf-ahec-gbgx
17
vulnerability VCID-j5kg-jzxz-ruam
18
vulnerability VCID-n2gy-93nd-gber
19
vulnerability VCID-njsg-e1w1-9qcy
20
vulnerability VCID-nsuf-xar5-f3hj
21
vulnerability VCID-ps73-776n-zffn
22
vulnerability VCID-q73m-16a9-rkgx
23
vulnerability VCID-q74z-645k-c7dk
24
vulnerability VCID-r5y8-nc2w-kqde
25
vulnerability VCID-rc3w-5r97-k3b3
26
vulnerability VCID-sjw9-2fwe-5ybg
27
vulnerability VCID-tpdc-c3mz-zyd2
28
vulnerability VCID-uvgx-4m6v-2bg7
29
vulnerability VCID-wkkp-82dc-huhr
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0
Affected_packages
0
url pkg:composer/zendframework/zendframework1@1.0.0
purl pkg:composer/zendframework/zendframework1@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f52-bffk-eug2
1
vulnerability VCID-4y4f-z31m-dqaz
2
vulnerability VCID-bcxw-3gm9-akfv
3
vulnerability VCID-bm9s-eke4-tfhk
4
vulnerability VCID-f7rw-4dqp-pqgb
5
vulnerability VCID-nkxr-brbk-x7dj
6
vulnerability VCID-nyxj-v79u-qka4
7
vulnerability VCID-wbb2-mubf-ukhk
8
vulnerability VCID-zjcy-kx8e-ayeq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.0.0
1
url pkg:composer/zendframework/zendframework1@1.12.0-rc1
purl pkg:composer/zendframework/zendframework1@1.12.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4f52-bffk-eug2
1
vulnerability VCID-nkxr-brbk-x7dj
2
vulnerability VCID-nsuf-xar5-f3hj
3
vulnerability VCID-wbb2-mubf-ukhk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.0-rc1
References
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34284
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34284
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/
url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/
url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
3
reference_url http://openwall.com/lists/oss-security/2013/03/25/2
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/
url http://openwall.com/lists/oss-security/2013/03/25/2
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3363
reference_id
reference_type
scores
0
value 0.55118
scoring_system epss
scoring_elements 0.98099
published_at 2026-06-07T12:55:00Z
1
value 0.55118
scoring_system epss
scoring_elements 0.98097
published_at 2026-06-04T12:55:00Z
2
value 0.55118
scoring_system epss
scoring_elements 0.98098
published_at 2026-06-08T12:55:00Z
3
value 0.55118
scoring_system epss
scoring_elements 0.981
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3363
5
reference_url https://github.com/zendframework/zf1
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zf1
6
reference_url https://github.com/zendframework/zf1/commit/281a3251d71ed40a5289ec4afc355eea8e014dc5
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zf1/commit/281a3251d71ed40a5289ec4afc355eea8e014dc5
7
reference_url https://moodle.org/mod/forum/discuss.php?d=225345
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/
url https://moodle.org/mod/forum/discuss.php?d=225345
8
reference_url https://web.archive.org/web/20170223044943/http://www.securitytracker.com/id?1027208
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170223044943/http://www.securitytracker.com/id?1027208
9
reference_url https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/
url https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt
10
reference_url http://www.debian.org/security/2012/dsa-2505
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/
url http://www.debian.org/security/2012/dsa-2505
11
reference_url http://www.openwall.com/lists/oss-security/2012/06/26/2
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/
url http://www.openwall.com/lists/oss-security/2012/06/26/2
12
reference_url http://www.openwall.com/lists/oss-security/2012/06/26/4
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/
url http://www.openwall.com/lists/oss-security/2012/06/26/4
13
reference_url http://www.openwall.com/lists/oss-security/2012/06/27/2
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/
url http://www.openwall.com/lists/oss-security/2012/06/27/2
14
reference_url http://www.securitytracker.com/id?1027208
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/
url http://www.securitytracker.com/id?1027208
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3363
reference_id CVE-2012-3363
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3363
16
reference_url https://github.com/advisories/GHSA-7pg4-5233-82jv
reference_id GHSA-7pg4-5233-82jv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7pg4-5233-82jv
17
reference_url http://framework.zend.com/security/advisory/ZF2012-01
reference_id OSVDB-83221;CVE-2012-3363
reference_type exploit
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-16T20:38:37Z/
url http://framework.zend.com/security/advisory/ZF2012-01
18
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/19408.txt
reference_id OSVDB-83221;CVE-2012-3363
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/19408.txt
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 611
name Improper Restriction of XML External Entity Reference
description The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Exploits
0
date_added 2012-06-27
description Zend Framework < 2.0.0 beta4 < 1.12 RC1 < 1.11.11 - Local File Disclosure
required_action null
due_date null
notes null
known_ransomware_campaign_use false
source_date_published 2012-06-27
exploit_type webapps
platform php
source_date_updated 2016-12-31
data_source Exploit-DB
source_url http://framework.zend.com/security/advisory/ZF2012-01
Severity_range_score 7.0 - 9.1
Exploitability 2.0
Weighted_severity 8.2
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wbb2-mubf-ukhk