GHSA-229x-22xc-2f2w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-229x-22xc-2f2w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-229x-22xc-2f2w/GHSA-229x-22xc-2f2w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-229x-22xc-2f2w
- Published
- 2024-06-07T21:39:43Z
- Modified
- 2024-06-07T21:39:43Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- Zendframework Local file disclosure via XXE injection in Zend_XmlRpc
- Details
-
Zend_XmlRpc is vulnerable to XML eXternal Entity (XXE) Injection attacks. The SimpleXMLElement class (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability an application may be coerced to open arbitrary files and/or TCP connections.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-611" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-06-07T21:39:43Z" }- References
Affected packages
Packagist / zendframework/zendframework1
Package
- Name
- zendframework/zendframework1
- Purl
- pkg:composer/zendframework/zendframework1