GCVE - cpe:2.3:a:zend:zendrest:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zend:zendrest:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Zend (`c83920c2-ab0f-5e38-ada6-b090c6d186df`)
Product	Zendrest (`e20006ae-ef64-52d2-80b6-fa2e1da0f95a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/zendframework/zendrest`	purl2cpe	2026-06-01 10:11:09.810501

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-2683`	vulnerable	2026-06-03 14:33:51.604612	Details available Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532. Published: 2014-11-16T00:00:00.000Z Updated: 2024-08-06T10:21:36.135Z Open on db.gcve.eu Reference links http://seclists.org/oss-sec/2014/q2/0 http://www.mandriva.com/security/advisories?name=MDVSA-2014:072 http://advisories.mageia.org/MGASA-2014-0151.html http://www.securityfocus.com/bid/66358 http://www.debian.org/security/2015/dsa-3265	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-2682`	vulnerable	2026-06-03 14:33:51.603947	Details available Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. Published: 2014-11-16T00:00:00.000Z Updated: 2024-08-06T10:21:36.052Z Open on db.gcve.eu Reference links http://seclists.org/oss-sec/2014/q2/0 http://www.mandriva.com/security/advisories?name=MDVSA-2014:072 http://advisories.mageia.org/MGASA-2014-0151.html http://www.securityfocus.com/bid/66358 http://www.debian.org/security/2015/dsa-3265	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-2681`	vulnerable	2026-06-03 14:33:51.598164	Details available Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657. Published: 2014-11-16T00:00:00.000Z Updated: 2024-08-06T10:21:36.060Z Open on db.gcve.eu Reference links http://www.mandriva.com/security/advisories?name=MDVSA-2014:072 http://advisories.mageia.org/MGASA-2014-0151.html http://www.securityfocus.com/bid/66358 http://www.debian.org/security/2015/dsa-3265 http://framework.zend.com/security/advisory/ZF2014-01	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.