VulnerableCode Package Details - pkg:composer/zendframework/zendframework@2.3.9

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/zendframework/zendframework@2.3.9

Essentials
History (10)

purl	pkg:composer/zendframework/zendframework@2.3.9

Next non-vulnerable version	2.5.2
Latest non-vulnerable version	2.5.2
Risk	10.0

Vulnerabilities affecting this package (10)

Vulnerability	Summary	Fixed by
VCID-4bfz-jkrd-4kfn Aliases: GHSA-fh7r-58q4-6387	Zendframework URL Rewrite vulnerability	2.5.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-7ers-1ar5-kkf5 Aliases: GHSA-gff2-p6vm-3p8g	ZendFramework potential remote code execution in zend-mail via Sendmail adapter	2.4.11 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-b5m8-jc12-1yc3 Aliases: ZF2015-09	Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.	2.4.9 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.5.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bha1-43g9-z7f2 Aliases: CVE-2015-7503 GHSA-pm9m-w23q-5967		2.4.9 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.5.2 Affected by 0 other vulnerabilities.
VCID-cpmt-fwxa-67br Aliases: ZF2016-04	Remote code execution in zend-mail via Sendmail adapter A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.	2.4.11 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.5.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gznz-tm3a-nfgz Aliases: ZF2018-01	URL Redirection to Untrusted Site (Open Redirect) URL Rewrite vulnerability.	2.5.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ha1v-jhhj-xuay Aliases: CVE-2015-5161 GHSA-xp8p-9rq5-4wgv	security update	2.4.6 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.5.2 Affected by 0 other vulnerabilities.
VCID-hdkk-zmnj-dybn Aliases: GHSA-2fhr-8r8r-qp56	ZendFramework Information Disclosure and Insufficient Entropy vulnerability	2.4.9 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-s7mx-8xh2-w3ca Aliases: GMS-2015-48	Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.	2.4.9 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.5.2 Affected by 0 other vulnerabilities.
VCID-thgd-stfh-aqce Aliases: CVE-2015-5723 GHSA-pw5c-xqf2-6xc2	security update	2.4.8 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:32:14.669836+00:00	GitLab Importer	Affected by	VCID-7ers-1ar5-kkf5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/GHSA-gff2-p6vm-3p8g.yml	38.6.0
2026-06-12T19:32:14.043793+00:00	GitLab Importer	Affected by	VCID-4bfz-jkrd-4kfn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/GHSA-fh7r-58q4-6387.yml	38.6.0
2026-06-12T19:31:58.558022+00:00	GitLab Importer	Affected by	VCID-hdkk-zmnj-dybn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/GHSA-2fhr-8r8r-qp56.yml	38.6.0
2026-06-12T17:00:58.341427+00:00	GitLab Importer	Affected by	VCID-gznz-tm3a-nfgz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2018-01.yml	38.6.0
2026-06-12T16:55:03.054602+00:00	GitLab Importer	Affected by	VCID-bha1-43g9-z7f2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2015-7503.yml	38.6.0
2026-06-12T16:51:34.549650+00:00	GitLab Importer	Affected by	VCID-cpmt-fwxa-67br	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2016-04.yml	38.6.0
2026-06-12T16:50:24.534551+00:00	GitLab Importer	Affected by	VCID-thgd-stfh-aqce	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2015-5723.yml	38.6.0
2026-06-12T16:49:06.018027+00:00	GitLab Importer	Affected by	VCID-s7mx-8xh2-w3ca	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/GMS-2015-48.yml	38.6.0
2026-06-12T16:49:04.348883+00:00	GitLab Importer	Affected by	VCID-b5m8-jc12-1yc3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2015-09.yml	38.6.0
2026-06-12T16:48:46.259755+00:00	GitLab Importer	Affected by	VCID-ha1v-jhhj-xuay	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2015-5161.yml	38.6.0