Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/zendframework/zend-mail@2.3.6
Typecomposer
Namespacezendframework
Namezend-mail
Version2.3.6
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.4.11
Latest_non_vulnerable_version2.7.2
Affected_by_vulnerabilities
0
url VCID-5bm4-grk6-w7hk
vulnerability_id VCID-5bm4-grk6-w7hk
summary 
CRLF Injection
Potential CRLF injection attacks in mail and HTTP headers.
references
0
reference_url http://framework.zend.com/security/advisory/ZF2015-04
reference_id
reference_type
scores
url http://framework.zend.com/security/advisory/ZF2015-04
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3154
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.51029
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3154
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2681
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2682
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2683
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2684
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2685
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4914
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8088
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8089
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154
11
reference_url https://framework.zend.com/security/advisory/ZF2015-04
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2015-04
12
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-3154.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-3154.yaml
13
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-3154.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-3154.yaml
14
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-http/CVE-2015-3154.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-http/CVE-2015-3154.yaml
15
reference_url https://github.com/zendframework/zendframework
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3154
reference_id CVE-2015-3154
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3154
fixed_packages
0
url pkg:composer/zendframework/zend-mail@2.3.8
purl pkg:composer/zendframework/zend-mail@2.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qs6q-pjks-euh4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-mail@2.3.8
1
url pkg:composer/zendframework/zend-mail@2.4.1
purl pkg:composer/zendframework/zend-mail@2.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qs6q-pjks-euh4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-mail@2.4.1
aliases CVE-2015-3154, GHSA-5957-5crx-79jx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bm4-grk6-w7hk
1
url VCID-qs6q-pjks-euh4
vulnerability_id VCID-qs6q-pjks-euh4
summary 
Remote code execution in zend-mail via Sendmail adapter
A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2016-04
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2016-04
fixed_packages
0
url pkg:composer/zendframework/zend-mail@2.4.11
purl pkg:composer/zendframework/zend-mail@2.4.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-mail@2.4.11
1
url pkg:composer/zendframework/zend-mail@2.7.2
purl pkg:composer/zendframework/zend-mail@2.7.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-mail@2.7.2
aliases ZF2016-04
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qs6q-pjks-euh4
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-mail@2.3.6