VulnerableCode Vulnerability Details - VCID-nsuf-xar5-f3hj

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-nsuf-xar5-f3hj

Essentials
Severities (9)
References (9)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-nsuf-xar5-f3hj
Aliases	CVE-2012-5657 GHSA-9m5v-vq4f-mrvf
Summary	Zend Framework XXE Vulnerability The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-611	Improper Restriction of XML External Entity Reference

System	Score	Found at
generic_textual	MODERATE	http://framework.zend.com/security/advisory/ZF2012-05
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2012/12/20/2
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2012/12/20/4
epss	0.00719	https://api.first.org/data/v1/epss?cve=CVE-2012-5657
generic_textual	MODERATE	https://github.com/zendframework/zf1
generic_textual	MODERATE	https://github.com/zendframework/zf1/commit/15c84914f063efea49ea1c4425459a792cc185ea
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2012-5657
generic_textual	MODERATE	https://web.archive.org/web/20131101014013/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:115/?name=MDVSA-2013:115
generic_textual	MODERATE	http://www.debian.org/security/2012/dsa-2602

Reference id	Reference type	URL
		http://framework.zend.com/security/advisory/ZF2012-05
		http://openwall.com/lists/oss-security/2012/12/20/2
		http://openwall.com/lists/oss-security/2012/12/20/4
		https://api.first.org/data/v1/epss?cve=CVE-2012-5657
		https://github.com/zendframework/zf1
		https://github.com/zendframework/zf1/commit/15c84914f063efea49ea1c4425459a792cc185ea
		https://nvd.nist.gov/vuln/detail/CVE-2012-5657
		https://web.archive.org/web/20131101014013/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:115/?name=MDVSA-2013:115
		http://www.debian.org/security/2012/dsa-2602

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.72828
EPSS Score	0.00719
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T18:05:55.853537+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9m5v-vq4f-mrvf/GHSA-9m5v-vq4f-mrvf.json	38.6.0