GHSA-jh4x-4wmf-67pr

Suggest an improvement
Source
https://github.com/advisories/GHSA-jh4x-4wmf-67pr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jh4x-4wmf-67pr/GHSA-jh4x-4wmf-67pr.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-jh4x-4wmf-67pr
Aliases
  • CVE-2012-6532
Published
2022-05-17T05:10:32Z
Modified
2024-01-12T18:41:49.527272Z
Summary
Zend Framework XEE Vulnerability
Details

(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack.

Database specific
{
    "nvd_published_at": "2013-02-13T17:55:00Z",
    "cwe_ids": [
        "CWE-776"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-12T18:28:17Z"
}
References

Affected packages

Packagist / zendframework/zendframework1

Package

Name
zendframework/zendframework1
Purl
pkg:composer/zendframework/zendframework1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0
Fixed
1.11.13

Packagist / zendframework/zendframework1

Package

Name
zendframework/zendframework1
Purl
pkg:composer/zendframework/zendframework1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.12.0-rc1
Fixed
1.12.0