GHSA-5957-5crx-79jx

Source

https://github.com/advisories/GHSA-5957-5crx-79jx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5957-5crx-79jx/GHSA-5957-5crx-79jx.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5957-5crx-79jx

Aliases

CVE-2015-3154

Published

2022-05-24T17:07:24Z

Modified

2024-02-16T07:58:34.368385Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Zenario CMS vulnerable to CRLF injection

Details

CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.

Database specific

{
    "nvd_published_at": "2020-01-27T16:15:00Z",
    "github_reviewed_at": "2023-08-01T21:29:03Z",
    "github_reviewed": true,
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-74"
    ]
}

References

Affected packages

Packagist / zendframework/zend-http

Package

Name: zendframework/zend-http
Purl: pkg:composer/zendframework/zend-http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0beta4

Fixed

2.3.8

Affected versions

2.*

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.2.0rc1

2.2.0rc2

2.2.0rc3

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.2.10

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

Packagist / zendframework/zend-http

Package

Name: zendframework/zend-http
Purl: pkg:composer/zendframework/zend-http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.4.0rc1

Fixed

2.4.1

Affected versions

2.*

2.4.0rc1

2.4.0rc2

2.4.0rc3

2.4.0rc4

2.4.0rc5

2.4.0rc6

2.4.0rc7

2.4.0

Packagist / zendframework/zendframework

Package

Name: zendframework/zendframework
Purl: pkg:composer/zendframework/zendframework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0beta4

Fixed

2.3.8

Affected versions

2.*

2.0.0beta4

2.0.0beta5

2.0.0rc1

2.0.0rc2

2.0.0rc3

2.0.0rc4

2.0.0rc5

2.0.0rc6

2.0.0rc7

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.2.0rc1

2.2.0rc2

2.2.0rc3

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.2.10

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

Packagist / zendframework/zendframework

Package

Name: zendframework/zendframework
Purl: pkg:composer/zendframework/zendframework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.4.0rc1

Fixed

2.4.1

Affected versions

2.*

2.4.0rc1

2.4.0rc2

2.4.0rc3

2.4.0rc4

2.4.0rc5

2.4.0rc6

2.4.0rc7

2.4.0

Packagist / zendframework/zendframework1

Package

Name: zendframework/zendframework1
Purl: pkg:composer/zendframework/zendframework1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.12

Affected versions

1.*

1.12.0

1.12.1

1.12.2

1.12.3

1.12.4

1.12.5

1.12.6

1.12.7

1.12.8

1.12.9

1.12.10

1.12.11

Packagist / zendframework/zend-http

Package

Name: zendframework/zend-http
Purl: pkg:composer/zendframework/zend-http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.12.12