Package details: pkg:composer/zendframework/zendframework@2.0.0
purl pkg:composer/zendframework/zendframework@2.0.0
Next non-vulnerable version 2.0.1
Latest non-vulnerable version 2.5.2
Risk
Vulnerabilities affecting this package (9)
Vulnerability Summary Fixed by
VCID-2em7-tb35-vqg8
Aliases:
ZF2013-02
Potential Information Disclosure and Insufficient Entropy vulnerabilities in `Zend\Math\Rand` and `Zend\Validate\Csrf` Components.
2.0.8
Affected by 0 other vulnerabilities.
2.1.4
Affected by 0 other vulnerabilities.
VCID-2g8z-51nu-17hs
Aliases:
ZF2015-01
Session Fixation Session validation vulnerability.
2.2.9
Affected by 0 other vulnerabilities.
2.3.4
Affected by 0 other vulnerabilities.
VCID-5bm4-grk6-w7hk
Aliases:
CVE-2015-3154
CRLF Injection Potential CRLF injection attacks in mail and HTTP headers.
2.2.0
Affected by 3 other vulnerabilities.
2.3.8
Affected by 0 other vulnerabilities.
2.4.1
Affected by 0 other vulnerabilities.
VCID-8atm-865q-mkf3
Aliases:
ZF2015-09
Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.
2.4.9
Affected by 0 other vulnerabilities.
VCID-de8f-p8x2-fbfr
Aliases:
ZF2013-03
SQL Injection Potential SQL injection due to execution of platform-specific SQL containing interpolations.
2.0.8
Affected by 0 other vulnerabilities.
2.1.4
Affected by 0 other vulnerabilities.
VCID-eezd-92tv-mkdf
Aliases:
ZF2014-03
Cross-site Scripting Potential XSS vector in multiple view helpers.
2.2.7
Affected by 0 other vulnerabilities.
2.3.1
Affected by 0 other vulnerabilities.
VCID-fzj7-v53w-77ar
Aliases:
ZF2012-04
Unintended Proxy or Intermediary ('Confused Deputy') Potential Proxy Injection Vulnerabilities in Multiple Zend Framework 2 Components.
2.0.5
Affected by 0 other vulnerabilities.
VCID-gpru-td91-47hd
Aliases:
ZF2012-03
Cross-site Scripting Potential XSS Vectors in Multiple Zend Framework 2 Components.
2.0.1
Affected by 0 other vulnerabilities.
VCID-ux4f-q4es-gua5
Aliases:
ZF2013-01
Parameter Injection Route Parameter Injection Via Query String in `Zend\Mvc`.
2.0.8
Affected by 0 other vulnerabilities.
2.1.4
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-bjvu-jg9w-mqdd SQL Injection The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern `[\w]*` in a regular expression. CVE-2016-6233

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:36:47.950950+00:00 GitLab Importer Fixing VCID-bjvu-jg9w-mqdd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2016-6233.yml 38.6.0
2026-06-02T04:36:27.080620+00:00 GitLab Importer Affected by VCID-8atm-865q-mkf3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2015-09.yml 38.6.0
2026-06-02T04:36:22.954005+00:00 GitLab Importer Affected by VCID-5bm4-grk6-w7hk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2015-3154.yml 38.6.0
2026-06-02T04:36:20.699703+00:00 GitLab Importer Affected by VCID-2g8z-51nu-17hs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2015-01.yml 38.6.0
2026-06-02T04:36:14.008856+00:00 GitLab Importer Affected by VCID-eezd-92tv-mkdf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2014-03.yml 38.6.0
2026-06-02T04:36:08.374519+00:00 GitLab Importer Affected by VCID-2em7-tb35-vqg8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2013-02.yml 38.6.0
2026-06-02T04:36:08.335811+00:00 GitLab Importer Affected by VCID-de8f-p8x2-fbfr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2013-03.yml 38.6.0
2026-06-02T04:36:08.296730+00:00 GitLab Importer Affected by VCID-ux4f-q4es-gua5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2013-01.yml 38.6.0
2026-06-02T04:36:06.255430+00:00 GitLab Importer Affected by VCID-fzj7-v53w-77ar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2012-04.yml 38.6.0
2026-06-02T04:36:06.033381+00:00 GitLab Importer Affected by VCID-gpru-td91-47hd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2012-03.yml 38.6.0