Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/zendframework/zendframework@2.4.6
purl pkg:composer/zendframework/zendframework@2.4.6
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-njsg-e1w1-9qcy XXE/XEE vulnerability via multibyte payloads There's a flow that allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters. This only apply when running under PHP-FPM in a threaded environment. CVE-2015-5161

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:36:25.451943+00:00 GitLab Importer Fixing VCID-njsg-e1w1-9qcy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2015-5161.yml 38.6.0