Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-8qw1-c6ps-87gr
Vulnerability ID VCID-8qw1-c6ps-87gr
Aliases GHSA-62f6-h68r-3jpw
Summary Zendframework session validation vulnerability
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-384 Session Fixation
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 6.5 https://framework.zend.com/security/advisory/ZF2015-01
generic_textual MODERATE https://framework.zend.com/security/advisory/ZF2015-01
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-62f6-h68r-3jpw
cvssv3.1 6.5 https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2015-01.yaml
generic_textual MODERATE https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2015-01.yaml
cvssv3.1 6.5 https://github.com/zendframework/zendframework
generic_textual MODERATE https://github.com/zendframework/zendframework
cvssv3.1 6.5 https://github.com/zendframework/zendframework/commit/1672aee3531205e5c1a0b96d8c680124ec93db09
generic_textual MODERATE https://github.com/zendframework/zendframework/commit/1672aee3531205e5c1a0b96d8c680124ec93db09
cvssv3.1 6.5 https://github.com/zendframework/zendframework/commit/282135561cbf98cc93274c57966b021fd6e051b9
generic_textual MODERATE https://github.com/zendframework/zendframework/commit/282135561cbf98cc93274c57966b021fd6e051b9
cvssv3.1 6.5 https://github.com/zendframework/zendframework/commit/5f06a1f80a1aaeac87a46bfa9b63a5a74a14866c
generic_textual MODERATE https://github.com/zendframework/zendframework/commit/5f06a1f80a1aaeac87a46bfa9b63a5a74a14866c
cvssv3.1 6.5 https://github.com/zendframework/zendframework/commit/9493d725ef869e6ce7ab78167539223396fda491
generic_textual MODERATE https://github.com/zendframework/zendframework/commit/9493d725ef869e6ce7ab78167539223396fda491
cvssv3.1 6.5 https://github.com/zendframework/zendframework/commit/ddbf43ac3fe28fe98a4104993d0cb4bffb13a026
generic_textual MODERATE https://github.com/zendframework/zendframework/commit/ddbf43ac3fe28fe98a4104993d0cb4bffb13a026
cvssv3.1 6.5 https://github.com/zendframework/zendframework/commit/f22a83c611732fbc0328f0f887bccc075be1fd56
generic_textual MODERATE https://github.com/zendframework/zendframework/commit/f22a83c611732fbc0328f0f887bccc075be1fd56
Reference id Reference type URL
https://framework.zend.com/security/advisory/ZF2015-01
https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2015-01.yaml
https://github.com/zendframework/zendframework
https://github.com/zendframework/zendframework/commit/1672aee3531205e5c1a0b96d8c680124ec93db09
https://github.com/zendframework/zendframework/commit/282135561cbf98cc93274c57966b021fd6e051b9
https://github.com/zendframework/zendframework/commit/5f06a1f80a1aaeac87a46bfa9b63a5a74a14866c
https://github.com/zendframework/zendframework/commit/9493d725ef869e6ce7ab78167539223396fda491
https://github.com/zendframework/zendframework/commit/ddbf43ac3fe28fe98a4104993d0cb4bffb13a026
https://github.com/zendframework/zendframework/commit/f22a83c611732fbc0328f0f887bccc075be1fd56
GHSA-62f6-h68r-3jpw https://github.com/advisories/GHSA-62f6-h68r-3jpw
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://framework.zend.com/security/advisory/ZF2015-01
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/ZF2015-01.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/zendframework/zendframework
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/zendframework/zendframework/commit/1672aee3531205e5c1a0b96d8c680124ec93db09
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/zendframework/zendframework/commit/282135561cbf98cc93274c57966b021fd6e051b9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/zendframework/zendframework/commit/5f06a1f80a1aaeac87a46bfa9b63a5a74a14866c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/zendframework/zendframework/commit/9493d725ef869e6ce7ab78167539223396fda491
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/zendframework/zendframework/commit/ddbf43ac3fe28fe98a4104993d0cb4bffb13a026
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/zendframework/zendframework/commit/f22a83c611732fbc0328f0f887bccc075be1fd56
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-05-31T01:03:50.897119+00:00 GHSA Importer Import https://github.com/advisories/GHSA-62f6-h68r-3jpw 38.6.0