Search for packages
| purl | pkg:composer/zendframework/zendframework@2.0.0beta4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5vu7-szck-9qay
Aliases: ZF2016-04 |
Remote code execution in zend-mail via Sendmail adapter A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability. |
Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
VCID-5vu8-msgg-uqa5
Aliases: GMS-2015-48 |
Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation. |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-9f4w-2ekz-9qdj
Aliases: CVE-2014-8088 GHSA-f6rc-rh43-h8gr |
Improper Authentication The (1) `Zend_Ldap` class in Zend and (2) `Zend dap` component in Zend allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 15 other vulnerabilities. |
|
VCID-cbcv-76c1-83fd
Aliases: GHSA-fh7r-58q4-6387 |
Zendframework URL Rewrite vulnerability |
Affected by 3 other vulnerabilities. |
|
VCID-ern1-u894-4ubj
Aliases: ZF2018-01 |
URL Redirection to Untrusted Site (Open Redirect) URL Rewrite vulnerability. |
Affected by 3 other vulnerabilities. |
|
VCID-pt1n-7yfb-a7d4
Aliases: CVE-2015-5723 GHSA-pw5c-xqf2-6xc2 |
Security Misconfiguration Vulnerability Doctrine uses `mkdir($cacheDirectory )` to create caches directories. if your application runs with a umask of |
Affected by 8 other vulnerabilities. |
|
VCID-skyf-p5pm-7ybp
Aliases: CVE-2015-7503 GHSA-pm9m-w23q-5967 |
Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey Zend\Crypt\PublicKey\Rsa\PublicKey has a call to `openssl_public_encrypt()` which uses PHP's default `$padding` argument, which specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the Bleichenbacher's chosen-ciphertext attack, which can be used to decrypt arbitrary ciphertexts. Users should upgrade to a fixed version unless there are not using the RSA public key functionality. |
Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||