Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1nd3dxLTU0cXAtOXBncM4AAbgi

High EPSS: 0.00113% (0.30898 Percentile) EPSS:
Permalink JSON

Zend Framework CSRF Vulnerability

Affected Packages Affected Versions Fixed Versions
packagist:zendframework/zendframework >= 2.3.0, < 2.3.6 2.3.6
959 Dependent packages
7,968 Dependent repositories
7,633,101 Downloads total

Affected Version Ranges

All affected versions

2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5

All unaffected versions

2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.4.11, 2.4.12, 2.4.13, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 3.0.0

Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.

References:

Identifiers

GHSA-gwwq-54qp-9pgp

CVE-2015-1786

Risk

Severity

High

EPSS

EPSS Percentage: 0.00113

EPSS Percentile: 0.30898

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/zendframework/zendframework

Date and time

Published

about 3 years ago

Updated

over 1 year ago

API

JSON