{"url":"http://public2.vulnerablecode.io/api/packages/52359?format=json","purl":"pkg:composer/zendframework/zendframework@2.0.0-stable","type":"composer","namespace":"zendframework","name":"zendframework","version":"2.0.0-stable","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.0.1","latest_non_vulnerable_version":"2.5.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37904?format=json","vulnerability_id":"VCID-njsg-e1w1-9qcy","summary":"XXE/XEE vulnerability via multibyte payloads\nThere's a flaw that allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters. This only applies when running under PHP-FPM in a threaded environment.","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161"},{"reference_url":"http://framework.zend.com/security/advisory/ZF2015-06","reference_id":"","reference_type":"","scores":[],"url":"http://framework.zend.com/security/advisory/ZF2015-06"},{"reference_url":"https://framework.zend.com/security/advisory/ZF2015-06","reference_id":"","reference_type":"","scores":[],"url":"https://framework.zend.com/security/advisory/ZF2015-06"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52361?format=json","purl":"pkg:composer/zendframework/zendframework@2.4.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/52362?format=json","purl":"pkg:composer/zendframework/zendframework@2.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.2"}],"aliases":["CVE-2015-5161"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njsg-e1w1-9qcy"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.0.0-stable"}