Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/zendframework/zendframework@2.2.0
Typecomposer
Namespacezendframework
Namezendframework
Version2.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.2.5
Latest_non_vulnerable_version2.5.2
Affected_by_vulnerabilities
0
url VCID-2g8z-51nu-17hs
vulnerability_id VCID-2g8z-51nu-17hs
summary 
Session Fixation
Session validation vulnerability.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2015-01
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2015-01
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.2.9
purl pkg:composer/zendframework/zendframework@2.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.2.9
1
url pkg:composer/zendframework/zendframework@2.3.4
purl pkg:composer/zendframework/zendframework@2.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.3.4
aliases ZF2015-01
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2g8z-51nu-17hs
1
url VCID-grk8-aj34-hqb4
vulnerability_id VCID-grk8-aj34-hqb4
summary 
Improper Restriction of XML External Entity Reference
Potential XXE/XEE attacks using PHP functions: `simplexml_load_*`, `DOMDocument::loadXML`, and `xml_parse`.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2014-01
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2014-01
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.2.6
purl pkg:composer/zendframework/zendframework@2.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.2.6
aliases ZF2014-01
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-grk8-aj34-hqb4
2
url VCID-nbuf-3vcw-mqg4
vulnerability_id VCID-nbuf-3vcw-mqg4
summary 
Information Exposure
Potential Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2013-04
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2013-04
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.2.5
purl pkg:composer/zendframework/zendframework@2.2.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.2.5
aliases ZF2013-04
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nbuf-3vcw-mqg4
Fixing_vulnerabilities
0
url VCID-5bm4-grk6-w7hk
vulnerability_id VCID-5bm4-grk6-w7hk
summary 
CRLF Injection
Potential CRLF injection attacks in mail and HTTP headers.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2015-04
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2015-04
fixed_packages
0
url pkg:composer/zendframework/zendframework@2.2.0
purl pkg:composer/zendframework/zendframework@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2g8z-51nu-17hs
1
vulnerability VCID-grk8-aj34-hqb4
2
vulnerability VCID-nbuf-3vcw-mqg4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.2.0
1
url pkg:composer/zendframework/zendframework@2.3.8
purl pkg:composer/zendframework/zendframework@2.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.3.8
2
url pkg:composer/zendframework/zendframework@2.4.1
purl pkg:composer/zendframework/zendframework@2.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.1
aliases CVE-2015-3154
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bm4-grk6-w7hk
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.2.0