Package details: pkg:composer/zendframework/zendframework1@1.12.0
purl pkg:composer/zendframework/zendframework1@1.12.0
Next non-vulnerable version 1.12.1
Latest non-vulnerable version 1.12.20
Risk
Vulnerabilities affecting this package (12)
Vulnerability Summary Fixed by
VCID-2ncq-wptr-k3ha
Aliases:
ZF2015-08
SQL Injection Potential SQL injection vector using null byte for PDO (MsSql, SQLite).
1.12.16
Affected by 0 other vulnerabilities.
VCID-5bm4-grk6-w7hk
Aliases:
CVE-2015-3154
CRLF Injection Potential CRLF injection attacks in mail and HTTP headers.
1.12.12
Affected by 0 other vulnerabilities.
VCID-6xpr-93ef-27cu
Aliases:
CVE-2014-8088
Improper Authentication The (1) `Zend_Ldap` class in Zend and (2) `Zend\Ldap` component in Zend allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
1.12.9
Affected by 0 other vulnerabilities.
VCID-8atm-865q-mkf3
Aliases:
ZF2015-09
Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.
1.12.17
Affected by 0 other vulnerabilities.
VCID-a72a-7k6u-rqgr
Aliases:
ZF2014-04
SQL Injection Potential SQL injection in the ORDER implementation of `Zend_Db_Select`.
1.12.7
Affected by 0 other vulnerabilities.
VCID-afnn-53q5-wqft
Aliases:
ZF2014-02
Improper Authentication Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer.
1.12.4
Affected by 0 other vulnerabilities.
VCID-cp1a-fprd-9fhk
Aliases:
ZF2012-05
Improper Restriction of XML External Entity Reference Potential XML eXternal Entity injection vectors in Zend Framework 1 `Zend_Feed` component.
1.12.1
Affected by 0 other vulnerabilities.
VCID-grk8-aj34-hqb4
Aliases:
ZF2014-01
Improper Restriction of XML External Entity Reference Potential XXE/XEE attacks using PHP functions: `simplexml_load_*`, `DOMDocument::loadXML`, and `xml_parse`.
1.12.4
Affected by 0 other vulnerabilities.
VCID-n2gy-93nd-gber
Aliases:
ZF2016-01
Potential Insufficient Entropy Vulnerability in ZF1.
1.12.18
Affected by 0 other vulnerabilities.
VCID-q74z-645k-c7dk
Aliases:
CVE-2015-5723
Security Misconfiguration Vulnerability Doctrine uses `mkdir($cacheDirectory )` to create caches directories. if your application runs with a umask of
1.12.16
Affected by 0 other vulnerabilities.
VCID-r5y8-nc2w-kqde
Aliases:
CVE-2014-8089
SQL Injection SQL injection vector when manually quoting values for `sqlsrv` extension, using null byte.
1.12.9
Affected by 0 other vulnerabilities.
VCID-uvgx-4m6v-2bg7
Aliases:
CVE-2015-7695
SQL injection vector using null byte for PDO The PDO adapters of Zend Framework 1 do not filter null byte values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection. This only impacts MsSql and SQLite adapters.
1.12.16
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (13)
Vulnerability Summary Aliases
VCID-24xb-s5fu-xuc2 Cross-site Scripting Potential XSS vector in `Zend_Service_ReCaptcha_MailHide`. ZF2010-05
VCID-46j8-n7cg-3feu Cross-site Scripting XSS vector in `Zend_Filter_StripTags`. ZF2009-02
VCID-4y4f-z31m-dqaz Cross-Site Scripting Potential XSS in Development Environment Error View Script. ZF2011-01
VCID-6j4n-cucb-5fdy Cross-site Scripting Potential XSS vector in `Zend_Dojo_View_Helper_Editor`. ZF2010-02
VCID-758r-rg88-eqga Cross-site Scripting Potential XSS vectors due to inconsistent encodings. ZF2010-01
VCID-bm9s-eke4-tfhk Improper Restriction of XML External Entity Reference Local file disclosure via XXE injection in `Zend_XmlRpc`. ZF2012-01
VCID-cp8b-e8wm-kfb3 Cross-Site Scripting Potential Security Issues in Bundled Dojo Library. ZF2010-06
VCID-e2nf-wm5h-fqav Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') File Inclusion vector in `Zend_View::setScriptPath()` and `render()`. ZF2009-01
VCID-e98a-dehh-ybbe Cross-site Scripting Potential XSS vector in `Zend_Filter_StripTags` when comments allowed. ZF2010-03
VCID-m1p7-zwwq-jbdg Potential SQL Injection Vector When Using `PDO_MySql`. ZF2011-02
VCID-nyxj-v79u-qka4 Improper Restriction of XML External Entity Reference Denial of Service vector via XEE injection. ZF2012-02
VCID-v3p7-aj4a-33d5 Cross-Site Scripting Potential Security Issues in Bundled Dojo Library. ZF2010-07
VCID-wbb2-mubf-ukhk Zend Framework XXE Vulnerability Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack. CVE-2012-3363 GHSA-7pg4-5233-82jv

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:43:44.801548+00:00 GitLab Importer Fixing VCID-wbb2-mubf-ukhk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/CVE-2012-3363.yml 38.6.0
2026-06-02T04:36:35.854982+00:00 GitLab Importer Affected by VCID-uvgx-4m6v-2bg7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/CVE-2015-7695.yml 38.6.0
2026-06-02T04:36:35.828344+00:00 GitLab Importer Affected by VCID-q74z-645k-c7dk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/CVE-2015-5723.yml 38.6.0
2026-06-02T04:36:32.743311+00:00 GitLab Importer Affected by VCID-n2gy-93nd-gber https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2016-01.yml 38.6.0
2026-06-02T04:36:26.952888+00:00 GitLab Importer Affected by VCID-8atm-865q-mkf3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2015-09.yml 38.6.0
2026-06-02T04:36:25.845561+00:00 GitLab Importer Affected by VCID-2ncq-wptr-k3ha https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2015-08.yml 38.6.0
2026-06-02T04:36:23.294296+00:00 GitLab Importer Affected by VCID-5bm4-grk6-w7hk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/CVE-2015-3154.yml 38.6.0
2026-06-02T04:36:18.500986+00:00 GitLab Importer Affected by VCID-6xpr-93ef-27cu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/CVE-2014-8088.yml 38.6.0
2026-06-02T04:36:18.035746+00:00 GitLab Importer Affected by VCID-r5y8-nc2w-kqde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/CVE-2014-8089.yml 38.6.0
2026-06-02T04:36:16.376431+00:00 GitLab Importer Affected by VCID-a72a-7k6u-rqgr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2014-04.yml 38.6.0
2026-06-02T04:36:14.043268+00:00 GitLab Importer Affected by VCID-grk8-aj34-hqb4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2014-01.yml 38.6.0
2026-06-02T04:36:13.583667+00:00 GitLab Importer Affected by VCID-afnn-53q5-wqft https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2014-02.yml 38.6.0
2026-06-02T04:36:06.702422+00:00 GitLab Importer Affected by VCID-cp1a-fprd-9fhk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2012-05.yml 38.6.0
2026-06-02T04:36:06.060678+00:00 GitLab Importer Fixing VCID-nyxj-v79u-qka4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2012-02.yml 38.6.0
2026-06-02T04:36:05.802707+00:00 GitLab Importer Fixing VCID-bm9s-eke4-tfhk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2012-01.yml 38.6.0
2026-06-02T04:36:05.297852+00:00 GitLab Importer Fixing VCID-4y4f-z31m-dqaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2011-01.yml 38.6.0
2026-06-02T04:36:04.126407+00:00 GitLab Importer Fixing VCID-m1p7-zwwq-jbdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2011-02.yml 38.6.0
2026-06-02T04:36:03.510930+00:00 GitLab Importer Fixing VCID-v3p7-aj4a-33d5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2010-07.yml 38.6.0
2026-06-02T04:36:03.401633+00:00 GitLab Importer Fixing VCID-e98a-dehh-ybbe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2010-03.yml 38.6.0
2026-06-02T04:36:03.371810+00:00 GitLab Importer Fixing VCID-6j4n-cucb-5fdy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2010-02.yml 38.6.0
2026-06-02T04:36:03.343000+00:00 GitLab Importer Fixing VCID-cp8b-e8wm-kfb3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2010-06.yml 38.6.0
2026-06-02T04:36:03.313284+00:00 GitLab Importer Fixing VCID-24xb-s5fu-xuc2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2010-05.yml 38.6.0
2026-06-02T04:36:03.281672+00:00 GitLab Importer Fixing VCID-758r-rg88-eqga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2010-01.yml 38.6.0
2026-06-02T04:36:02.971513+00:00 GitLab Importer Fixing VCID-46j8-n7cg-3feu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2009-02.yml 38.6.0
2026-06-02T04:36:02.947585+00:00 GitLab Importer Fixing VCID-e2nf-wm5h-fqav https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/ZF2009-01.yml 38.6.0