Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/zendframework/zendxml@1.0.0

Type composer

Namespace zendframework

Name zendxml

Version 1.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.0.1

Latest_non_vulnerable_version 1.0.1

Affected_by_vulnerabilities

url VCID-njsg-e1w1-9qcy

vulnerability_id VCID-njsg-e1w1-9qcy

summary

XXE/XEE vulnerability via multibyte payloads
There's a flow that allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters. This only apply when running under PHP-FPM in a threaded environment.

references

reference_url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
reference_id
reference_type
scores
url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161

reference_url

http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html

reference_url

http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5161

reference_id

reference_type

scores

value	0.39093
scoring_system	epss
scoring_elements	0.97355
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5161

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5161

reference_url

http://seclists.org/fulldisclosure/2015/Aug/46

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2015/Aug/46

reference_url

https://framework.zend.com/security/advisory/ZF2015-06

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://framework.zend.com/security/advisory/ZF2015-06

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5161.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-5161.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5161.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-5161.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendxml/CVE-2015-5161.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendxml/CVE-2015-5161.yaml

reference_url

https://github.com/zendframework/ZendXml/commit/79f478fa2af85ce1fc18ac132dee5aa714c3b532

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/ZendXml/commit/79f478fa2af85ce1fc18ac132dee5aa714c3b532

reference_url

https://github.com/zendframework/zf1/commit/ff7edddf1410b44b5ead857c02698aad9f748d1b

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zf1/commit/ff7edddf1410b44b5ead857c02698aad9f748d1b

reference_url

https://github.com/zendframework/zf1/issues/393

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zendframework/zf1/issues/393

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5161

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5161

reference_url

https://web.archive.org/web/20200228055156/http://www.securityfocus.com/bid/76177

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228055156/http://www.securityfocus.com/bid/76177

reference_url

https://www.exploit-db.com/exploits/37765

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/37765

reference_url

http://www.debian.org/security/2015/dsa-3340

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2015/dsa-3340

reference_url

http://www.securityfocus.com/bid/76177

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/76177

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/37765.txt
reference_id	CVE-2015-5161
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/37765.txt

reference_url

http://framework.zend.com/security/advisory/ZF2015-06

reference_id

CVE-2015-5161;OSVDB-125783

reference_type

exploit

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://framework.zend.com/security/advisory/ZF2015-06

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/38573.txt
reference_id	CVE-2015-5161;OSVDB-125783
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/38573.txt

fixed_packages

url	pkg:composer/zendframework/zendxml@1.0.1
purl	pkg:composer/zendframework/zendxml@1.0.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendxml@1.0.1

aliases CVE-2015-5161, GHSA-xp8p-9rq5-4wgv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njsg-e1w1-9qcy

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendxml@1.0.0

Package Instance