VulnerableCode Package Details - pkg:composer/zendframework/zend-xmlrpc@2.1.6

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4s13-j955-nbce	ZendFramework vulnerable to XXE/XEE attacks Numerous components utilizing PHP's DOMDocument, SimpleXML, and xml_parse functionality are vulnerable to two types of attacks: - XML eXternal Entity (XXE) Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTYPE element to XML documents and strings. By exploiting this vulnerability an application may be coerced to open arbitrary files and/or TCP connections. - XML Entity Expansion (XEE) vectors, leading to Denial of Service vectors. XEE attacks occur when the XML DOCTYPE declaration includes XML entity definitions that contain either recursive or circular references; this leads to CPU and memory consumption, making Denial of Service exploits trivial to implement.	GHSA-f4fj-q6m4-cc52
VCID-grk8-aj34-hqb4	Improper Restriction of XML External Entity Reference Potential XXE/XEE attacks using PHP functions: `simplexml_load_*`, `DOMDocument::loadXML`, and `xml_parse`.	ZF2014-01

Vulnerability

Summary

Aliases

VCID-4s13-j955-nbce

ZendFramework vulnerable to XXE/XEE attacks Numerous components utilizing PHP's DOMDocument, SimpleXML, and xml_parse functionality are vulnerable to two types of attacks: - XML eXternal Entity (XXE) Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTYPE element to XML documents and strings. By exploiting this vulnerability an application may be coerced to open arbitrary files and/or TCP connections. - XML Entity Expansion (XEE) vectors, leading to Denial of Service vectors. XEE attacks occur when the XML DOCTYPE declaration includes XML entity definitions that contain either recursive or circular references; this leads to CPU and memory consumption, making Denial of Service exploits trivial to implement.

GHSA-f4fj-q6m4-cc52

VCID-grk8-aj34-hqb4

Improper Restriction of XML External Entity Reference Potential XXE/XEE attacks using PHP functions: `simplexml_load_*`, `DOMDocument::loadXML`, and `xml_parse`.

ZF2014-01

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T16:50:53.789082+00:00	GithubOSV Importer	Fixing	VCID-4s13-j955-nbce	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-f4fj-q6m4-cc52/GHSA-f4fj-q6m4-cc52.json	38.6.0
2026-06-04T16:21:54.738358+00:00	GitLab Importer	Fixing	VCID-4s13-j955-nbce	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-xmlrpc/GHSA-f4fj-q6m4-cc52.yml	38.6.0
2026-06-02T04:36:13.843954+00:00	GitLab Importer	Fixing	VCID-grk8-aj34-hqb4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-xmlrpc/ZF2014-01.yml	38.6.0