Package details: pkg:composer/zendframework/zendframework@2.3.3
purl pkg:composer/zendframework/zendframework@2.3.3
Next non-vulnerable version 2.5.2
Latest non-vulnerable version 2.5.2
Risk 10.0
Vulnerabilities affecting this package (15)
Vulnerability Summary Fixed by
VCID-3whb-yzzr-2yc2
Aliases:
CVE-2015-1786
GHSA-gwwq-54qp-9pgp
2.3.6
Affected by 11 other vulnerabilities.
VCID-4bfz-jkrd-4kfn
Aliases:
GHSA-fh7r-58q4-6387
Zendframework URL Rewrite vulnerability
2.5.0
Affected by 3 other vulnerabilities.
VCID-6jhj-a5eq-yya4
Aliases:
CVE-2015-0270
GHSA-v59p-p692-v382
2.3.5
Affected by 12 other vulnerabilities.
VCID-7ers-1ar5-kkf5
Aliases:
GHSA-gff2-p6vm-3p8g
ZendFramework potential remote code execution in zend-mail via Sendmail adapter
2.4.11
Affected by 2 other vulnerabilities.
VCID-8pwu-jv65-yfdk
Aliases:
CVE-2015-3154
GHSA-5957-5crx-79jx
security update
2.3.8
Affected by 10 other vulnerabilities.
2.4.0rc1
Affected by 10 other vulnerabilities.
2.4.1
Affected by 10 other vulnerabilities.
VCID-b5m8-jc12-1yc3
Aliases:
ZF2015-09
Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.
2.4.9
Affected by 4 other vulnerabilities.
2.5.0
Affected by 3 other vulnerabilities.
VCID-bha1-43g9-z7f2
Aliases:
CVE-2015-7503
GHSA-pm9m-w23q-5967
2.4.9
Affected by 4 other vulnerabilities.
2.5.2
Affected by 0 other vulnerabilities.
VCID-cpmt-fwxa-67br
Aliases:
ZF2016-04
Remote code execution in zend-mail via Sendmail adapter. A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.
2.4.11
Affected by 2 other vulnerabilities.
2.5.0
Affected by 3 other vulnerabilities.
VCID-gznz-tm3a-nfgz
Aliases:
ZF2018-01
URL Redirection to Untrusted Site (Open Redirect): URL Rewrite vulnerability.
2.5.0
Affected by 3 other vulnerabilities.
VCID-ha1v-jhhj-xuay
Aliases:
CVE-2015-5161
GHSA-xp8p-9rq5-4wgv
security update
2.4.6
Affected by 9 other vulnerabilities.
2.5.2
Affected by 0 other vulnerabilities.
VCID-hdkk-zmnj-dybn
Aliases:
GHSA-2fhr-8r8r-qp56
ZendFramework Information Disclosure and Insufficient Entropy vulnerability
2.4.9
Affected by 4 other vulnerabilities.
VCID-n9wy-nszp-muf1
Aliases:
GHSA-62f6-h68r-3jpw
Zendframework session validation vulnerability
2.3.4
Affected by 13 other vulnerabilities.
VCID-s7mx-8xh2-w3ca
Aliases:
GMS-2015-48
Potential Information Disclosure and Insufficient Entropy in `Zend\Captcha\Word`. Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_random_pseudo_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.
2.4.9
Affected by 4 other vulnerabilities.
2.5.2
Affected by 0 other vulnerabilities.
VCID-thgd-stfh-aqce
Aliases:
CVE-2015-5723
GHSA-pw5c-xqf2-6xc2
security update
2.4.8
Affected by 8 other vulnerabilities.
VCID-v56d-s5nh-n7c8
Aliases:
ZF2015-01
Session Fixation: Session validation vulnerability.
2.3.4
Affected by 13 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-6duj-8u32-wyf8 security update CVE-2014-8089
GHSA-qh9w-r7g5-q939
VCID-jw3c-uvru-nbh2 security update CVE-2014-8088
GHSA-f6rc-rh43-h8gr

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-14T00:57:22.045080+00:00 GHSA Importer Fixing VCID-jw3c-uvru-nbh2 https://github.com/advisories/GHSA-f6rc-rh43-h8gr 38.6.0
2026-06-12T19:32:15.918915+00:00 GitLab Importer Affected by VCID-n9wy-nszp-muf1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/GHSA-62f6-h68r-3jpw.yml 38.6.0
2026-06-12T19:32:14.644705+00:00 GitLab Importer Affected by VCID-7ers-1ar5-kkf5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/GHSA-gff2-p6vm-3p8g.yml 38.6.0
2026-06-12T19:32:14.016603+00:00 GitLab Importer Affected by VCID-4bfz-jkrd-4kfn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/GHSA-fh7r-58q4-6387.yml 38.6.0
2026-06-12T19:31:58.534485+00:00 GitLab Importer Affected by VCID-hdkk-zmnj-dybn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/GHSA-2fhr-8r8r-qp56.yml 38.6.0
2026-06-12T17:17:51.236030+00:00 GitLab Importer Fixing VCID-6duj-8u32-wyf8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2014-8089.yml 38.6.0
2026-06-12T17:15:12.643209+00:00 GitLab Importer Affected by VCID-6jhj-a5eq-yya4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2015-0270.yml 38.6.0
2026-06-12T17:00:58.317900+00:00 GitLab Importer Affected by VCID-gznz-tm3a-nfgz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2018-01.yml 38.6.0
2026-06-12T16:55:03.029190+00:00 GitLab Importer Affected by VCID-bha1-43g9-z7f2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2015-7503.yml 38.6.0
2026-06-12T16:53:21.550346+00:00 GitLab Importer Affected by VCID-3whb-yzzr-2yc2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2015-1786.yml 38.6.0
2026-06-12T16:51:34.524312+00:00 GitLab Importer Affected by VCID-cpmt-fwxa-67br https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2016-04.yml 38.6.0
2026-06-12T16:50:24.511075+00:00 GitLab Importer Affected by VCID-thgd-stfh-aqce https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2015-5723.yml 38.6.0
2026-06-12T16:49:05.994623+00:00 GitLab Importer Affected by VCID-s7mx-8xh2-w3ca https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/GMS-2015-48.yml 38.6.0
2026-06-12T16:49:04.323647+00:00 GitLab Importer Affected by VCID-b5m8-jc12-1yc3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2015-09.yml 38.6.0
2026-06-12T16:48:46.234527+00:00 GitLab Importer Affected by VCID-ha1v-jhhj-xuay https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2015-5161.yml 38.6.0
2026-06-12T16:48:26.619226+00:00 GitLab Importer Affected by VCID-8pwu-jv65-yfdk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2015-3154.yml 38.6.0
2026-06-12T16:48:07.081513+00:00 GitLab Importer Affected by VCID-v56d-s5nh-n7c8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2015-01.yml 38.6.0
2026-06-12T15:39:09.472060+00:00 GitLab Importer Fixing VCID-jw3c-uvru-nbh2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2014-8088.yml 38.6.0
2026-06-12T08:20:11.703270+00:00 GithubOSV Importer Fixing VCID-jw3c-uvru-nbh2 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f6rc-rh43-h8gr/GHSA-f6rc-rh43-h8gr.json 38.6.0
2026-06-12T07:40:40.509350+00:00 GithubOSV Importer Fixing VCID-6duj-8u32-wyf8 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-qh9w-r7g5-q939/GHSA-qh9w-r7g5-q939.json 38.6.0
2026-06-11T20:34:34.702554+00:00 GHSA Importer Fixing VCID-6duj-8u32-wyf8 https://github.com/advisories/GHSA-qh9w-r7g5-q939 38.6.0