Veracode Vulnerability DatabaseVERACODE:4798Xml Entity Expansion (XEE)
0.013 Low
EPSS
Percentile
86.1%
Zendframework is vulnerable to Denial of Service (DoS) through XML Entity Expansion (XEE). The library calls the vulnerable methods OMDocument, SimpleXML, and xml_parse which are vulnerable to XML External Entity (XXE) injections and XEE.
| CPE | Name | Operator | Version |
|---|---|---|---|
| zendframework/zendframework1 | le | 1.12.3 | |
| zendframework/zendframework | le | 2.1.5 | |
| zendframework/zendframework | le | 2.2.5 |
References
advisories.mageia.org/MGASA-2014-0151.html
advisories.mageia.org/MGASA-2014-0151.html
framework.zend.com/security/advisory/ZF2014-01
framework.zend.com/security/advisory/ZF2014-01
seclists.org/oss-sec/2014/q2/0
seclists.org/oss-sec/2014/q2/0
www.debian.org/security/2015/dsa-3265
www.debian.org/security/2015/dsa-3265
www.mandriva.com/security/advisories?name=MDVSA-2014:072
www.mandriva.com/security/advisories?name=MDVSA-2014:072
www.securityfocus.com/bid/66358
www.securityfocus.com/bid/66358
framework.zend.com/security/advisory/ZF2014-01
Related
