GHSA-pm9m-w23q-5967

Source

https://github.com/advisories/GHSA-pm9m-w23q-5967

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pm9m-w23q-5967/GHSA-pm9m-w23q-5967.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-pm9m-w23q-5967

Aliases

CVE-2015-7503

Published

2022-05-17T00:26:26Z

Modified

2024-04-23T23:26:47.040968Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Zend Framework Information Disclosure

Details

Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key.

Database specific

{
    "nvd_published_at": "2017-10-10T16:29:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-23T23:12:49Z"
}

References

Affected packages

Packagist / zendframework/zendframework

Package

Name: zendframework/zendframework
Purl: pkg:composer/zendframework/zendframework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.5.0

Fixed

2.5.2

Affected versions

2.*

2.5.0

2.5.1

Packagist / zendframework/zend-crypt

Package

Name: zendframework/zend-crypt
Purl: pkg:composer/zendframework/zend-crypt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.4.9

Affected versions

2.*

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.2.0rc1

2.2.0rc2

2.2.0rc3

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.2.10

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.8

2.3.9

2.4.0rc1

2.4.0rc2

2.4.0rc3

2.4.0rc4

2.4.0rc5

2.4.0rc6

2.4.0rc7

2.4.0

2.4.1

2.4.2

2.4.3

2.4.4

2.4.5

2.4.6

2.4.7

2.4.8

Packagist / zendframework/zend-crypt

Package

Name: zendframework/zend-crypt
Purl: pkg:composer/zendframework/zend-crypt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.5.0

Fixed

2.5.2

Affected versions

2.*

2.5.0

2.5.1

Packagist / zendframework/zendframework

Package

Name: zendframework/zendframework
Purl: pkg:composer/zendframework/zendframework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.4.9

Affected versions

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.2.0rc1

2.2.0rc2

2.2.0rc3

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.2.10

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.8

2.3.9

2.4.0rc1

2.4.0rc2

2.4.0rc3

2.4.0rc4

2.4.0rc5

2.4.0rc6

2.4.0rc7

2.4.0

2.4.1

2.4.2

2.4.3

2.4.4

2.4.5

2.4.6

2.4.7

2.4.8