VulnerableCode Package Details - pkg:composer/zendframework/zendframework@2.4.11

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/zendframework/zendframework@2.4.11

purl	pkg:composer/zendframework/zendframework@2.4.11

Next non-vulnerable version	2.5.2
Latest non-vulnerable version	2.5.2
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-wz4g-j8zt-ruff Aliases: ZF2018-01	URL Redirection to Untrusted Site (Open Redirect) URL Rewrite vulnerability.	2.5.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-qs6q-pjks-euh4	Remote code execution in zend-mail via Sendmail adapter A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.	ZF2016-04
VCID-zfzg-uw7s-byhp	ZendFramework potential remote code execution in zend-mail via Sendmail adapter When using the zend-mail component to send email via the `Zend\Mail\Transport\Sendmail transport`, a malicious user may be able to inject arbitrary parameters to the system sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.	GHSA-gff2-p6vm-3p8g

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:13:02.251833+00:00	GitLab Importer	Affected by	VCID-wz4g-j8zt-ruff	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2018-01.yml	38.6.0
2026-06-04T16:51:03.738630+00:00	GithubOSV Importer	Fixing	VCID-zfzg-uw7s-byhp	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-gff2-p6vm-3p8g/GHSA-gff2-p6vm-3p8g.json	38.6.0
2026-06-04T16:21:55.828329+00:00	GitLab Importer	Fixing	VCID-zfzg-uw7s-byhp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/GHSA-gff2-p6vm-3p8g.yml	38.6.0
2026-06-02T04:36:42.873151+00:00	GitLab Importer	Fixing	VCID-qs6q-pjks-euh4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2016-04.yml	38.6.0