Fluid Attacks Database

Description

ZendFramework1 Potential Security Issues in Bundled Dojo Library In mid-March, 2010, the Dojo Foundation issued a Security Advisory indicating potential security issues with specific files in Dojo Toolkit. Details of the advisory may be found on the Dojo website:

http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/ In particular, several files in the Dojo tree were identified as having potential exploits, and the Dojo team also advised disabling or removing any PHP scripts in the tree when deploying to production.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	zendframework/zendframework1	>=1.9.0 <1.9.8 \|\| >=1.10.0 <1.10.3	1.9.8, 1.10.3

Aliases

1. GCVE-GHSA-w5mj-j45q-m638

References

1. https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2010-07.yaml2. https://web.archive.org/web/20210509072723/https://framework.zend.com/security/advisory/ZF2010-073. http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.