{"url":"http://public2.vulnerablecode.io/api/packages/52416?format=json","purl":"pkg:composer/zendframework/zendframework@2.4.9","type":"composer","namespace":"zendframework","name":"zendframework","version":"2.4.9","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.4.11","latest_non_vulnerable_version":"2.5.2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37948?format=json","vulnerability_id":"VCID-8atm-865q-mkf3","summary":"Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\\Captcha\\Word`.","references":[{"reference_url":"https://framework.zend.com/security/advisory/ZF2015-09","reference_id":"","reference_type":"","scores":[],"url":"https://framework.zend.com/security/advisory/ZF2015-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52416?format=json","purl":"pkg:composer/zendframework/zendframework@2.4.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.9"}],"aliases":["ZF2015-09"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8atm-865q-mkf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39010?format=json","vulnerability_id":"VCID-8fwb-56kb-jubf","summary":"Potential Information Disclosure in Zend\\Crypt\\PublicKey\\Rsa\\PublicKey\nZend\\Crypt\\PublicKey\\Rsa\\PublicKey has a call to `openssl_public_encrypt()` which uses PHP's default `$padding` argument, which specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the Bleichenbacher's chosen-ciphertext attack, which can be used to decrypt arbitrary ciphertexts. Users should upgrade to a fixed version unless there are not using the RSA public key functionality.","references":[{"reference_url":"http://framework.zend.com/security/advisory/ZF2015-10","reference_id":"","reference_type":"","scores":[],"url":"http://framework.zend.com/security/advisory/ZF2015-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52416?format=json","purl":"pkg:composer/zendframework/zendframework@2.4.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/52362?format=json","purl":"pkg:composer/zendframework/zendframework@2.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.2"}],"aliases":["CVE-2015-7503"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8fwb-56kb-jubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37956?format=json","vulnerability_id":"VCID-vmut-b2y4-rkcp","summary":"Potential Information Disclosure and Insufficient Entropy in Zend\\Captcha\\Word\nZend generates a \"word\" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.","references":[{"reference_url":"http://framework.zend.com/security/advisory/ZF2015-09","reference_id":"","reference_type":"","scores":[],"url":"http://framework.zend.com/security/advisory/ZF2015-09"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52416?format=json","purl":"pkg:composer/zendframework/zendframework@2.4.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/52362?format=json","purl":"pkg:composer/zendframework/zendframework@2.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.5.2"}],"aliases":["GMS-2015-48"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vmut-b2y4-rkcp"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework@2.4.9"}