Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/zendframework/zend-mail@2.4.1
purl pkg:composer/zendframework/zend-mail@2.4.1
Next non-vulnerable version 2.4.11
Latest non-vulnerable version 2.7.2
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-qs6q-pjks-euh4
Aliases:
ZF2016-04
Remote code execution in zend-mail via Sendmail adapter A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.
2.4.11
Affected by 0 other vulnerabilities.
2.7.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-5bm4-grk6-w7hk CRLF Injection Potential CRLF injection attacks in mail and HTTP headers. CVE-2015-3154
GHSA-5957-5crx-79jx

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T20:06:53.116725+00:00 GitLab Importer Affected by VCID-qs6q-pjks-euh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-mail/ZF2016-04.yml 38.6.0
2026-06-04T16:19:45.220482+00:00 GitLab Importer Fixing VCID-5bm4-grk6-w7hk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-mail/CVE-2015-3154.yml 38.6.0