Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13NW1qLWo0NXEtbTYzOM4AA80D
ZendFramework1 Potential Security Issues in Bundled Dojo Library
In mid-March 2010, the Dojo Foundation issued a Security Advisory indicating potential security issues with specific files in the Dojo Toolkit. Details of the advisory may be found on the Dojo website:
http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
In particular, several files in the Dojo tree were identified as having potential exploits, and the Dojo team also advised disabling or removing any PHP scripts in the tree when deploying to production.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13NW1qLWo0NXEtbTYzOM4AA80D
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 6 months ago
Updated: 6 months ago
Identifiers: GHSA-w5mj-j45q-m638
References:
- https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2010-07.yaml
- https://web.archive.org/web/20210509072723/https://framework.zend.com/security/advisory/ZF2010-07
- http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory
- https://github.com/advisories/GHSA-w5mj-j45q-m638
Affected Packages
packagist:zendframework/zendframework1
Dependent packages: 151
Dependent repositories: 841
Downloads: 6,615,659 total
Affected Version Ranges: >= 1.10.0, < 1.10.3; >= 1.9.0, < 1.9.8
Fixed in: 1.10.3, 1.9.8
All affected versions:
All unaffected versions: 1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.12.4, 1.12.5, 1.12.6, 1.12.7, 1.12.8, 1.12.9, 1.12.10, 1.12.11, 1.12.12, 1.12.13, 1.12.14, 1.12.15, 1.12.16, 1.12.17, 1.12.18, 1.12.19, 1.12.20