Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01OTU3LTVjcngtNzlqeM4AAjaE
Zenario CMS vulnerable to CRLF injection
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
Permalink: https://github.com/advisories/GHSA-5957-5crx-79jx
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01OTU3LTVjcngtNzlqeM4AAjaE
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 3 months ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-5957-5crx-79jx, CVE-2015-3154
References:
- https://nvd.nist.gov/vuln/detail/CVE-2015-3154
- https://framework.zend.com/security/advisory/ZF2015-04
- https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-http/CVE-2015-3154.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework/CVE-2015-3154.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/CVE-2015-3154.yaml
- https://github.com/advisories/GHSA-5957-5crx-79jx
Affected Packages
packagist:zendframework/zend-http
Dependent packages: 587
Dependent repositories: 6,907
Downloads: 22,986,559 total
Affected Version Ranges: < 1.12.12; >= 2.4.0rc1, < 2.4.1; >= 2.0.0beta4, < 2.3.8
Fixed in: 1.12.12, 2.4.1, 2.3.8
All affected versions: 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.4.0, 2.4.0-rc1, 2.4.0-rc2, 2.4.0-rc3, 2.4.0-rc4, 2.4.0-rc5, 2.4.0-rc6, 2.4.0-rc7
All unaffected versions: 2.3.8, 2.3.9, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.6.0, 2.7.0, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.9.0, 2.9.1, 2.10.0, 2.10.1, 2.11.0, 2.11.1, 2.11.2
packagist:zendframework/zendframework1
Dependent packages: 151
Dependent repositories: 841
Downloads: 6,478,672 total
Affected Version Ranges: < 1.12.12
Fixed in: 1.12.12
All affected versions: 1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 1.12.5, 1.12.6, 1.12.7, 1.12.8, 1.12.9, 1.12.10, 1.12.11
All unaffected versions: 1.12.12, 1.12.13, 1.12.14, 1.12.15, 1.12.16, 1.12.17, 1.12.18, 1.12.19, 1.12.20
packagist:zendframework/zendframework
Dependent packages: 953
Dependent repositories: 7,968
Downloads: 7,333,338 total
Affected Version Ranges: >= 2.4.0rc1, < 2.4.1; >= 2.0.0beta4, < 2.3.8
Fixed in: 2.4.1, 2.3.8
All affected versions: 2.0.0, 2.0.0-beta4, 2.0.0-beta5, 2.0.0-rc1, 2.0.0-rc2, 2.0.0-rc3, 2.0.0-rc4, 2.0.0-rc5, 2.0.0-rc6, 2.0.0-rc7, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.4.0, 2.4.0-rc1, 2.4.0-rc2, 2.4.0-rc3, 2.4.0-rc4, 2.4.0-rc5, 2.4.0-rc6, 2.4.0-rc7
All unaffected versions: 2.3.8, 2.3.9, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 3.0.0