Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/zendframework/zendframework@2.4.8
purl pkg:composer/zendframework/zendframework@2.4.8
Next non-vulnerable version 2.5.2
Latest non-vulnerable version 2.5.2
Risk
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-5vu7-szck-9qay
Aliases:
ZF2016-04
Remote code execution in zend-mail via Sendmail adapter A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability.
2.4.11
Affected by 2 other vulnerabilities.
2.5.0
Affected by 3 other vulnerabilities.
VCID-5vu8-msgg-uqa5
Aliases:
GMS-2015-48
Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.
2.4.9
Affected by 4 other vulnerabilities.
2.5.2
Affected by 0 other vulnerabilities.
VCID-cbcv-76c1-83fd
Aliases:
GHSA-fh7r-58q4-6387
Zendframework URL Rewrite vulnerability
2.5.0
Affected by 3 other vulnerabilities.
VCID-ern1-u894-4ubj
Aliases:
ZF2018-01
URL Redirection to Untrusted Site (Open Redirect) URL Rewrite vulnerability.
2.5.0
Affected by 3 other vulnerabilities.
VCID-gakp-8kf1-byg4
Aliases:
ZF2015-09
Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.
2.4.9
Affected by 4 other vulnerabilities.
2.5.0
Affected by 3 other vulnerabilities.
VCID-rfxg-rjxa-2ya4
Aliases:
GHSA-gff2-p6vm-3p8g
ZendFramework potential remote code execution in zend-mail via Sendmail adapter
2.4.11
Affected by 2 other vulnerabilities.
VCID-skyf-p5pm-7ybp
Aliases:
CVE-2015-7503
GHSA-pm9m-w23q-5967
Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey Zend\Crypt\PublicKey\Rsa\PublicKey has a call to `openssl_public_encrypt()` which uses PHP's default `$padding` argument, which specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the Bleichenbacher's chosen-ciphertext attack, which can be used to decrypt arbitrary ciphertexts. Users should upgrade to a fixed version unless there are not using the RSA public key functionality.
2.4.9
Affected by 4 other vulnerabilities.
2.5.2
Affected by 0 other vulnerabilities.
VCID-xzuu-fk13-2qa1
Aliases:
GHSA-2fhr-8r8r-qp56
ZendFramework Information Disclosure and Insufficient Entropy vulnerability
2.4.9
Affected by 4 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-pt1n-7yfb-a7d4 Security Misconfiguration Vulnerability Doctrine uses `mkdir($cacheDirectory )` to create caches directories. if your application runs with a umask of CVE-2015-5723
GHSA-pw5c-xqf2-6xc2

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-01T08:06:58.701566+00:00 GitLab Importer Affected by VCID-rfxg-rjxa-2ya4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/GHSA-gff2-p6vm-3p8g.yml 38.6.0
2026-06-01T08:06:58.016754+00:00 GitLab Importer Affected by VCID-cbcv-76c1-83fd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/GHSA-fh7r-58q4-6387.yml 38.6.0
2026-06-01T08:06:41.373656+00:00 GitLab Importer Affected by VCID-xzuu-fk13-2qa1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/GHSA-2fhr-8r8r-qp56.yml 38.6.0
2026-05-31T11:33:31.670409+00:00 GithubOSV Importer Fixing VCID-pt1n-7yfb-a7d4 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pw5c-xqf2-6xc2/GHSA-pw5c-xqf2-6xc2.json 38.6.0
2026-05-31T09:47:01.825507+00:00 GitLab Importer Affected by VCID-ern1-u894-4ubj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2018-01.yml 38.6.0
2026-05-31T09:40:56.983597+00:00 GitLab Importer Affected by VCID-skyf-p5pm-7ybp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2015-7503.yml 38.6.0
2026-05-31T09:36:49.961608+00:00 GitLab Importer Affected by VCID-5vu7-szck-9qay https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2016-04.yml 38.6.0
2026-05-31T09:34:41.138032+00:00 GitLab Importer Affected by VCID-5vu8-msgg-uqa5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/GMS-2015-48.yml 38.6.0
2026-05-31T09:34:40.037258+00:00 GitLab Importer Affected by VCID-gakp-8kf1-byg4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/ZF2015-09.yml 38.6.0
2026-05-30T20:52:28.429349+00:00 GitLab Importer Fixing VCID-pt1n-7yfb-a7d4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zendframework/CVE-2015-5723.yml 38.6.0