GHSA-jh4x-4wmf-67pr

Source

https://github.com/advisories/GHSA-jh4x-4wmf-67pr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jh4x-4wmf-67pr/GHSA-jh4x-4wmf-67pr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-jh4x-4wmf-67pr

Aliases

CVE-2012-6532

Published

2022-05-17T05:10:32Z

Modified

2024-01-12T18:41:40.207023Z

Summary

Zend Framework XEE Vulnerability

Details

(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.

Database specific

{
    "nvd_published_at": "2013-02-13T17:55:00Z",
    "cwe_ids": [
        "CWE-776"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-12T18:28:17Z"
}

References

Affected packages

Packagist / zendframework/zendframework1

Package

Name: zendframework/zendframework1
Purl: pkg:composer/zendframework/zendframework1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0

Fixed

1.11.13

Packagist / zendframework/zendframework1

Package

Name: zendframework/zendframework1
Purl: pkg:composer/zendframework/zendframework1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.12.0-rc1

Fixed

1.12.0