Zend Framework 1.0.1

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:zend:zend_framework:1.0.1:*:*:*:*:*:*:*

part: a version: 1.0.1 update: *

VendorZend (c83920c2-ab0f-5e38-ada6-b090c6d186df)
ProductZend Framework (adb3ead0-24cb-5c32-9ebb-1f8628d0b936)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:deb/debian/zendframework purl2cpe 2026-06-01 10:11:09.882080
pkg:deb/ubuntu/zendframework purl2cpe 2026-06-01 10:11:09.882081
pkg:github/zendframework/zendframework purl2cpe 2026-06-01 10:11:09.882082
pkg:rpm/opensuse/php-zendframework purl2cpe 2026-06-01 10:11:09.882084

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2015-5161 vulnerable 2026-06-03 14:34:58.641933 Details available
The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.
Published: 2015-08-25T17:00:00.000Z
Updated: 2024-08-06T06:41:07.867Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-2685 vulnerable 2026-06-03 14:33:51.611583 Details available
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
Published: 2014-09-04T17:00:00.000Z
Updated: 2024-08-06T10:21:36.026Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.