Search for packages
| purl | pkg:composer/zendframework/zendframework@2.2.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2g8z-51nu-17hs
Aliases: ZF2015-01 |
Session Fixation Session validation vulnerability. |
Affected by 11 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-3s39-f3q9-33ep
Aliases: GHSA-62f6-h68r-3jpw |
Zendframework session validation vulnerability `Zend\Session` session validators do not work as expected if set prior to the start of a session. For instance, the following test case fails (where `$this->manager` is an instance of `Zend\Session\SessionManager`): ``` $this ->manager ->getValidatorChain() ->attach('session.validate', array(new RemoteAddr(), 'isValid')); $this->manager->start(); $this->assertSame( array( 'Zend\Session\Validator\RemoteAddr' =3D> '', ), $_SESSION['__ZF']['_VALID'] ); ``` The implication is that subsequent calls to `Zend\Session\SessionManager#start()` (in later requests, assuming a session was created) will not have any validator metadata attached, which causes any validator metadata to be re-built from scratch, thus marking the session as valid. An attacker is thus able to simply ignore session validators such as RemoteAddr or HttpUserAgent, since the "signature" that these validators check against is not being stored in the session. |
Affected by 11 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-6xpr-93ef-27cu
Aliases: CVE-2014-8088 GHSA-f6rc-rh43-h8gr |
Improper Authentication The (1) `Zend_Ldap` class in Zend and (2) `Zend dap` component in Zend allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. |
Affected by 13 other vulnerabilities. Affected by 15 other vulnerabilities. |
|
VCID-8atm-865q-mkf3
Aliases: ZF2015-09 |
Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`. |
Affected by 4 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-8d1t-m4zy-dkf4
Aliases: GHSA-fh7r-58q4-6387 |
Zendframework URL Rewrite vulnerability zend-diactoros (and, by extension, Expressive), zend-http (and, by extension, Zend Framework MVC projects), and zend-feed (specifically, its PubSubHubbub sub-component) each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request headers that are specific to a given server-side URL rewrite mechanism. When these headers are present on systems not running the specific URL rewriting mechanism, the logic would still trigger, allowing a malicious client or proxy to emulate the headers to request arbitrary content. |
Affected by 3 other vulnerabilities. |
|
VCID-8fwb-56kb-jubf
Aliases: CVE-2015-7503 GHSA-pm9m-w23q-5967 |
Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey Zend\Crypt\PublicKey\Rsa\PublicKey has a call to `openssl_public_encrypt()` which uses PHP's default `$padding` argument, which specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the Bleichenbacher's chosen-ciphertext attack, which can be used to decrypt arbitrary ciphertexts. Users should upgrade to a fixed version unless there are not using the RSA public key functionality. |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-9z4g-byhj-3fak
Aliases: CVE-2015-0270 GHSA-v59p-p692-v382 |
SQL Injection Zend Framework has Potential SQL injection in PostgreSQL `Zend\Db` adapter. |
Affected by 10 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-auhh-apep-mufc
Aliases: GHSA-qc7w-4567-84wv |
Zendframework vulnerable to XXE/XEE attacks Numerous components utilizing PHP's DOMDocument, SimpleXML, and xml_parse functionality are vulnerable to two types of attacks: - XML eXternal Entity (XXE) Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTYPE element to XML documents and strings. By exploiting this vulnerability an application may be coerced to open arbitrary files and/or TCP connections. - XML Entity Expansion (XEE) vectors, leading to Denial of Service vectors. XEE attacks occur when the XML DOCTYPE declaration includes XML entity definitions that contain either recursive or circular references; this leads to CPU and memory consumption, making Denial of Service exploits trivial to implement. |
Affected by 16 other vulnerabilities. |
|
VCID-eezd-92tv-mkdf
Aliases: ZF2014-03 |
Cross-site Scripting Potential XSS vector in multiple view helpers. |
Affected by 15 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
VCID-grk8-aj34-hqb4
Aliases: ZF2014-01 |
Improper Restriction of XML External Entity Reference Potential XXE/XEE attacks using PHP functions: `simplexml_load_*`, `DOMDocument::loadXML`, and `xml_parse`. |
Affected by 16 other vulnerabilities. |
|
VCID-ke2d-2a15-rkeh
Aliases: GHSA-xffp-6w68-4775 |
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress` The `Zend\Http\PhpEnvironment\RemoteAddress` class provides features around detecting the internet protocol (IP) address for an incoming proxied request via the X-Forwarded-For header, taking into account a provided list of trusted proxy server IPs. Prior to 2.2.5, the class was not taking into account whether or not the IP address contained in PHP's `$_SERVER['REMOTE_ADDR']` was in the trusted proxy server list. The IETF draft specification indicates that if `$_SERVER['REMOTE_ADDR']` is not a trusted proxy, it must be considered the originating IP address, and the value of X-Forwarded-For must be disregarded. |
Affected by 19 other vulnerabilities. |
|
VCID-nbuf-3vcw-mqg4
Aliases: ZF2013-04 |
Information Exposure Potential Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`. |
Affected by 19 other vulnerabilities. |
|
VCID-njsg-e1w1-9qcy
Aliases: CVE-2015-5161 GHSA-xp8p-9rq5-4wgv |
XXE/XEE vulnerability via multibyte payloads There's a flow that allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters. This only apply when running under PHP-FPM in a threaded environment. |
Affected by 9 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-q74z-645k-c7dk
Aliases: CVE-2015-5723 GHSA-pw5c-xqf2-6xc2 |
Security Misconfiguration Vulnerability Doctrine uses `mkdir($cacheDirectory )` to create caches directories. if your application runs with a umask of |
Affected by 8 other vulnerabilities. |
|
VCID-qs6q-pjks-euh4
Aliases: ZF2016-04 |
Remote code execution in zend-mail via Sendmail adapter A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability. |
Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-r5y8-nc2w-kqde
Aliases: CVE-2014-8089 GHSA-qh9w-r7g5-q939 |
SQL Injection SQL injection vector when manually quoting values for `sqlsrv` extension, using null byte. |
Affected by 13 other vulnerabilities. Affected by 15 other vulnerabilities. |
|
VCID-vmut-b2y4-rkcp
Aliases: GMS-2015-48 |
Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation. |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-wrkx-jstz-8bhe
Aliases: GHSA-2fhr-8r8r-qp56 |
ZendFramework Information Disclosure and Insufficient Entropy vulnerability In Zend Framework, `Zend_Captcha_Word` (v1) and `Zend\Captcha\Word` (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's `internal array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This could potentially lead to information disclosure should an attacker be able to brute force the random number generation. |
Affected by 4 other vulnerabilities. |
|
VCID-wz4g-j8zt-ruff
Aliases: ZF2018-01 |
URL Redirection to Untrusted Site (Open Redirect) URL Rewrite vulnerability. |
Affected by 3 other vulnerabilities. |
|
VCID-z3nr-p8zz-4bey
Aliases: GHSA-8q77-cv62-jj38 |
Zendframework has potential Cross-site Scripting vector in multiple view helpers Many Zend Framework 2 view helpers were using the `escapeHtml()` view helper in order to escape HTML attributes, instead of the more appropriate `escapeHtmlAttr()`. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting (XSS) attack vectors. Vulnerable view helpers include: - All `Zend\Form` view helpers. - Most `Zend\Navigation` (aka `Zend\View\Helper\Navigation\*`) view helpers. - All "HTML Element" view helpers: `htmlFlash()`, `htmlPage()`, `htmlQuickTime()`. - `Zend\View\Helper\Gravatar` |
Affected by 15 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
VCID-zfzg-uw7s-byhp
Aliases: GHSA-gff2-p6vm-3p8g |
ZendFramework potential remote code execution in zend-mail via Sendmail adapter When using the zend-mail component to send email via the `Zend\Mail\Transport\Sendmail transport`, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||