Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/zendframework/zend-mail@2.5.1
purl pkg:composer/zendframework/zend-mail@2.5.1
Next non-vulnerable version 2.7.2
Latest non-vulnerable version 2.7.2
Risk 10.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-qrb6-ar5k-eqha
Aliases:
CVE-2016-10034
GHSA-r9mw-gwx9-v3h5
Command Injection The `setFrom` function in the Sendmail adapter in the zend-mail component might allow remote attackers to pass extra parameters to the `mail` command and consequently execute arbitrary code via a `\"` in a crafted e-mail address.
2.7.2
Affected by 0 other vulnerabilities.
VCID-qs6q-pjks-euh4
Aliases:
ZF2016-04
Remote code execution in zend-mail via Sendmail adapter A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.
2.7.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T20:06:55.442537+00:00 GitLab Importer Affected by VCID-qrb6-ar5k-eqha https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-mail/CVE-2016-10034.yml 38.6.0
2026-06-04T20:06:53.142262+00:00 GitLab Importer Affected by VCID-qs6q-pjks-euh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-mail/ZF2016-04.yml 38.6.0