zendframework/zendframework Security Advisories for 2.0.0rc1 (17)
-
[CRITICAL] Remote code execution in zendframework and laminas-http
PKSA-9gb9-jn3z-tytw CVE-2021-3007 GHSA-xx8f-qf9f-5fgw
Affected version: <=3.0.0
Reported by:
GitHub -
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Potential remote code execution in zend-mail via Sendmail adapter
PKSA-n4jn-zfz3-4hxy GHSA-xg9w-r469-m455
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.4.11
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word
PKSA-5jbd-wvkt-7qnp GHSA-xffp-6w68-4775
Affected version: >=2.0.0,<2.4.9
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey
PKSA-xx58-19nw-1zf8 CVE-2015-7503 GHSA-pm9m-w23q-5967
Affected version: >=2.0.0,<2.4.9
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] XXE/XEE vector when using ZendXml on multibyte payloads
PKSA-zb12-j4m8-9hsy CVE-2015-5161 GHSA-xp8p-9rq5-4wgv
Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.99|>=2.3.0,<2.3.8|>=2.4.0,<2.4.6|>=2.5.0,<2.5.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Potential CRLF injection attacks in mail and HTTP headers
PKSA-497z-pn7r-9vxp CVE-2015-3154 GHSA-5957-5crx-79jx
Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.3.0,<2.3.8|>=2.4.0,<2.4.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[CRITICAL] Potential SQL injection in PostgreSQL Zend\Db adapter
PKSA-hhrr-1j3s-z7ms CVE-2015-0270 GHSA-v59p-p692-v382
Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.10|>=2.3.0,<2.3.5
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Session validation vulnerability
PKSA-7cvs-sc1c-cky4 GHSA-mg7h-9qfx-4r83
Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.9|>=2.3.0,<2.3.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Anonymous authentication in ldap_bind() function of PHP, using null byte
PKSA-3q2t-qm4h-6vbd CVE-2014-8088 GHSA-f6rc-rh43-h8gr
Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.8|>=2.3.0,<2.3.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[CRITICAL] SQL injection vector when manually quoting values for sqlsrv extension, using null byte
PKSA-h3c9-mp2p-z2zh CVE-2014-8089 GHSA-qh9w-r7g5-q939
Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.8|>=2.3.0,<2.3.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Potential XSS vector in multiple view helpers
PKSA-rm22-x953-kcxx GHSA-jq87-2wxp-8349
Affected version: >=2.0.0,<2.2.7|>=2.3.0,<2.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Potential Information Disclosure and Insufficient Entropy vulnerabilities in Zend\Math\Rand and Zend\Validate\Csrf Components
PKSA-jgk2-8mxq-5256 GHSA-2fhr-8r8r-qp56
Affected version: >=2.0.0,<2.0.8|>=2.1.0,<2.1.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Potential SQL injection due to execution of platform-specific SQL containing interpolations
PKSA-6xyb-pbyd-p1zn GHSA-62f6-h68r-3jpw
Affected version: >=2.0.0,<2.0.8|>=2.1.0,<2.1.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[CRITICAL] Route Parameter Injection Via Query String in Zend\Mvc
PKSA-zg2n-4q1r-bfvg GHSA-qc7w-4567-84wv
Affected version: >=2.0.0,<2.0.8|>=2.1.0,<2.1.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Potential Proxy Injection Vulnerabilities in Multiple Zend Framework 2 Components
PKSA-q68m-wt4m-jvsc GHSA-fh7r-58q4-6387
Affected version: >=2.0.0,<2.0.5
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Potential XSS Vectors in Multiple Zend Framework 2 Components
PKSA-fv1v-d4t3-xh7w GHSA-8q77-cv62-jj38
Affected version: >=2.0.0,<2.0.1
Reported by:
GitHub, FriendsOfPHP/security-advisories