Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/zendframework/zend-json@2.2.6

Type composer

Namespace zendframework

Name zend-json

Version 2.2.6

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2qyu-jww9-wkcw

vulnerability_id VCID-2qyu-jww9-wkcw

summary Zend-JSON vulnerable to XXE/XEE attacks

references

reference_url

https://framework.zend.com/security/advisory/ZF2014-01

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2014-01

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-json/ZF2014-01.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-json/ZF2014-01.yaml

reference_url

https://github.com/zendframework/zend-json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zend-json

reference_url

https://github.com/zendframework/zend-json/commit/078e77a6e59cdbf32a94691afe3523db340f5da9

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zend-json/commit/078e77a6e59cdbf32a94691afe3523db340f5da9

reference_url

https://github.com/zendframework/zend-json/commit/7a747fbefe566c28a94b7e7ca37c15fc09ba4754

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zend-json/commit/7a747fbefe566c28a94b7e7ca37c15fc09ba4754

reference_url

https://github.com/zendframework/zend-json/commit/865f96ecbc5e080fccb5e75304ce06ac57d2ce22

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zend-json/commit/865f96ecbc5e080fccb5e75304ce06ac57d2ce22

reference_url

https://github.com/zendframework/zend-json/commit/89fc6f760478dc15519cb3ef4e4976425dc6ee10

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zend-json/commit/89fc6f760478dc15519cb3ef4e4976425dc6ee10

reference_url

https://github.com/zendframework/zend-json/commit/9fe5103dc9be472fa0a443ca36619a2953b6f88e

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zend-json/commit/9fe5103dc9be472fa0a443ca36619a2953b6f88e

reference_url

https://github.com/zendframework/zend-json/commit/acc60fc3fe56f5b0ad218c4c5789b21f11bc3a89

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zend-json/commit/acc60fc3fe56f5b0ad218c4c5789b21f11bc3a89

reference_url

https://github.com/advisories/GHSA-8x2v-pcg7-94f4

reference_id

GHSA-8x2v-pcg7-94f4

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8x2v-pcg7-94f4

fixed_packages

url	pkg:composer/zendframework/zend-json@2.1.6
purl	pkg:composer/zendframework/zend-json@2.1.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-json@2.1.6

url	pkg:composer/zendframework/zend-json@2.2.6
purl	pkg:composer/zendframework/zend-json@2.2.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-json@2.2.6

aliases GHSA-8x2v-pcg7-94f4

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2qyu-jww9-wkcw

url VCID-5t8q-ezzk-puds

vulnerability_id VCID-5t8q-ezzk-puds

summary

Improper Restriction of XML External Entity Reference
Potential XXE/XEE attacks using PHP functions: `simplexml_load_*`, `DOMDocument::loadXML`, and `xml_parse`.

references

reference_url	https://framework.zend.com/security/advisory/ZF2014-01
reference_id
reference_type
scores
url	https://framework.zend.com/security/advisory/ZF2014-01

fixed_packages

url	pkg:composer/zendframework/zend-json@2.1.6
purl	pkg:composer/zendframework/zend-json@2.1.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-json@2.1.6

url	pkg:composer/zendframework/zend-json@2.2.0rc1
purl	pkg:composer/zendframework/zend-json@2.2.0rc1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-json@2.2.0rc1

url	pkg:composer/zendframework/zend-json@2.2.6
purl	pkg:composer/zendframework/zend-json@2.2.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-json@2.2.6

aliases ZF2014-01

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5t8q-ezzk-puds

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-json@2.2.6

Package Instance