VulnerableCode Package Details - pkg:composer/zendframework/zendservice-slideshare@2.0.2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6fzg-den8-rqc8	Several Zend Products Vulnerable to XXE and XEE attacks Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657.	CVE-2014-2681 GHSA-43xg-87xw-jpv8
VCID-tpdc-c3mz-zyd2	Several Zend Products Vulnerable to XXE and XEE attacks Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657.	CVE-2014-2682 GHSA-gp39-h9c2-qw79
VCID-wkkp-82dc-huhr	Several Zend Products Vulnerable to XXE and XEE attacks Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532.	CVE-2014-2683 GHSA-5wm2-38q5-5rxv

Vulnerability

Summary

Aliases

VCID-6fzg-den8-rqc8

Several Zend Products Vulnerable to XXE and XEE attacks Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657.

CVE-2014-2681
GHSA-43xg-87xw-jpv8

VCID-tpdc-c3mz-zyd2

Several Zend Products Vulnerable to XXE and XEE attacks Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657.

CVE-2014-2682
GHSA-gp39-h9c2-qw79

VCID-wkkp-82dc-huhr

Several Zend Products Vulnerable to XXE and XEE attacks Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532.

CVE-2014-2683
GHSA-5wm2-38q5-5rxv

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:43:22.377121+00:00	GitLab Importer	Fixing	VCID-wkkp-82dc-huhr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendservice-slideshare/CVE-2014-2683.yml	38.6.0
2026-06-02T04:43:18.492594+00:00	GitLab Importer	Fixing	VCID-tpdc-c3mz-zyd2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendservice-slideshare/CVE-2014-2682.yml	38.6.0
2026-06-02T04:43:14.395052+00:00	GitLab Importer	Fixing	VCID-6fzg-den8-rqc8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendservice-slideshare/CVE-2014-2681.yml	38.6.0