Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/zendframework/zendframework1@1.12.0-rc1
purl pkg:composer/zendframework/zendframework1@1.12.0-rc1
Tags Ghost
Next non-vulnerable version 1.12.20
Latest non-vulnerable version 1.12.20
Risk 10.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-4f52-bffk-eug2
Aliases:
CVE-2012-6532
GHSA-jh4x-4wmf-67pr
Zend Framework XEE Vulnerability (1) `Zend_Dom`, (2) `Zend_Feed`, (3) `Zend_Soap`, and (4) `Zend_XmlRpc` in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.
1.12.0
Affected by 25 other vulnerabilities.
VCID-nkxr-brbk-x7dj
Aliases:
CVE-2012-6531
GHSA-h5p3-7mg6-hgj4
Zend Framework XEE Vulnerability (1) `Zend_Dom`, (2) `Zend_Feed`, and (3) `Zend_Soap` in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363.
1.12.0
Affected by 25 other vulnerabilities.
VCID-nsuf-xar5-f3hj
Aliases:
CVE-2012-5657
GHSA-9m5v-vq4f-mrvf
Zend Framework XXE Vulnerability The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.
1.12.1
Affected by 17 other vulnerabilities.
VCID-wbb2-mubf-ukhk
Aliases:
CVE-2012-3363
GHSA-7pg4-5233-82jv
Zend Framework XXE Vulnerability Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
1.12.0
Affected by 25 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-05T17:09:57.791128+00:00 GitLab Importer Affected by VCID-nkxr-brbk-x7dj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/CVE-2012-6531.yml 38.6.0
2026-06-05T17:09:54.178602+00:00 GitLab Importer Affected by VCID-nsuf-xar5-f3hj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/CVE-2012-5657.yml 38.6.0
2026-06-05T17:09:52.467553+00:00 GitLab Importer Affected by VCID-4f52-bffk-eug2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/CVE-2012-6532.yml 38.6.0
2026-06-02T04:43:44.787316+00:00 GitLab Importer Affected by VCID-wbb2-mubf-ukhk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework1/CVE-2012-3363.yml 38.6.0