Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/zendframework/zend-crypt@2.1.4
Typecomposer
Namespacezendframework
Namezend-crypt
Version2.1.4
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.4.9
Latest_non_vulnerable_version2.5.2
Affected_by_vulnerabilities
0
url VCID-8fwb-56kb-jubf
vulnerability_id VCID-8fwb-56kb-jubf
summary 
Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey
Zend\Crypt\PublicKey\Rsa\PublicKey has a call to `openssl_public_encrypt()` which uses PHP's default `$padding` argument, which specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the Bleichenbacher's chosen-ciphertext attack, which can be used to decrypt arbitrary ciphertexts. Users should upgrade to a fixed version unless there are not using the RSA public key functionality.
references
0
reference_url http://framework.zend.com/security/advisory/ZF2015-10
reference_id
reference_type
scores
url http://framework.zend.com/security/advisory/ZF2015-10
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7503
reference_id
reference_type
scores
0
value 0.00249
scoring_system epss
scoring_elements 0.48412
published_at 2026-06-05T12:55:00Z
1
value 0.00249
scoring_system epss
scoring_elements 0.4838
published_at 2026-06-09T12:55:00Z
2
value 0.00249
scoring_system epss
scoring_elements 0.48368
published_at 2026-06-08T12:55:00Z
3
value 0.00249
scoring_system epss
scoring_elements 0.48397
published_at 2026-06-07T12:55:00Z
4
value 0.00249
scoring_system epss
scoring_elements 0.48416
published_at 2026-06-06T12:55:00Z
5
value 0.00249
scoring_system epss
scoring_elements 0.48349
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7503
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1283137
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1283137
3
reference_url https://framework.zend.com/security/advisory/ZF2015-10
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://framework.zend.com/security/advisory/ZF2015-10
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-crypt/CVE-2015-7503.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-crypt/CVE-2015-7503.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-7503.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-7503.yaml
6
reference_url https://github.com/zendframework/zendframework
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/zendframework/zendframework
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7503
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7503
8
reference_url https://github.com/advisories/GHSA-pm9m-w23q-5967
reference_id GHSA-pm9m-w23q-5967
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pm9m-w23q-5967
fixed_packages
0
url pkg:composer/zendframework/zend-crypt@2.4.9
purl pkg:composer/zendframework/zend-crypt@2.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-crypt@2.4.9
1
url pkg:composer/zendframework/zend-crypt@2.5.2
purl pkg:composer/zendframework/zend-crypt@2.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-crypt@2.5.2
aliases CVE-2015-7503, GHSA-pm9m-w23q-5967
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8fwb-56kb-jubf
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-crypt@2.1.4