CVE-2015-3154 zendframework/zend-http

Package

Manager: composer
Name: zendframework/zend-http
Vulnerable Version: >=2.0.0beta4 <2.3.8 || >=2.4.0rc1 <2.4.1 || >=0 <1.12.12

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00274 (percentile: 0.5049)

Details

Zenario CMS vulnerable to CRLF injection

CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.

Metadata

Created: 2022-05-24T17:07:24Z
Modified: 2023-12-07T21:25:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5957-5crx-79jx/GHSA-5957-5crx-79jx.json
CWE IDs: ["CWE-74"]
Alternative ID: GHSA-5957-5crx-79jx
Finding: F184
Auto approve: 1