GHSA-v59p-p692-v382

Source

https://github.com/advisories/GHSA-v59p-p692-v382

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v59p-p692-v382/GHSA-v59p-p692-v382.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-v59p-p692-v382

Aliases

CVE-2015-0270

Published

2022-05-24T16:59:51Z

Modified

2024-02-16T08:13:05.832676Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Zend Framework Allows SQL Injection

Details

Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter.

Database specific

{
    "github_reviewed_at": "2023-08-01T00:09:06Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-89"
    ],
    "nvd_published_at": "2019-10-25T15:15:00Z",
    "severity": "CRITICAL"
}

References

Affected packages

Packagist / zendframework/zendframework

Package

Name: zendframework/zendframework
Purl: pkg:composer/zendframework/zendframework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.10

Affected versions

2.*

2.0.0beta4

2.0.0beta5

2.0.0rc1

2.0.0rc2

2.0.0rc3

2.0.0rc4

2.0.0rc5

2.0.0rc6

2.0.0rc7

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.2.0rc1

2.2.0rc2

2.2.0rc3

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v59p-p692-v382/GHSA-v59p-p692-v382.json"

Packagist / zendframework/zendframework

Package

Name: zendframework/zendframework
Purl: pkg:composer/zendframework/zendframework

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.3.0

Fixed

2.3.5

Affected versions

2.*

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v59p-p692-v382/GHSA-v59p-p692-v382.json"

Packagist / zendframework/zend-db

Package

Name: zendframework/zend-db
Purl: pkg:composer/zendframework/zend-db

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.10

Affected versions

2.*

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.2.0rc1

2.2.0rc2

2.2.0rc3

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v59p-p692-v382/GHSA-v59p-p692-v382.json"

Packagist / zendframework/zend-db

Package

Name: zendframework/zend-db
Purl: pkg:composer/zendframework/zend-db

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.3.0

Fixed

2.3.5

Affected versions

2.*

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v59p-p692-v382/GHSA-v59p-p692-v382.json"