GHSA-w5mj-j45q-m638 – zendframework/zendframework1

Package

Manager: composer
Name: zendframework/zendframework1
Vulnerable Version: >=1.9.0 <1.9.8 || >=1.10.0 <1.10.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

ZendFramework1 Potential Security Issues in Bundled Dojo Library In mid-March, 2010, the Dojo Foundation issued a Security Advisory indicating potential security issues with specific files in Dojo Toolkit. Details of the advisory may be found on the Dojo website: http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ In particular, several files in the Dojo tree were identified as having potential exploits, and the Dojo team also advised disabling or removing any PHP scripts in the tree when deploying to production.

Metadata

Created: 2024-06-07T21:49:55Z
Modified: 2024-06-07T21:49:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-w5mj-j45q-m638/GHSA-w5mj-j45q-m638.json
CWE IDs: []
Alternative ID: N/A
Finding: F410
Auto approve: 1