Open mend-bolt-for-github[bot] opened 3 years ago
mend-bolt-for-github[bot]
commented
1 year ago :heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
mend-bolt-for-github[bot]
commented
1 year ago :information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.
WS-2018-0158 - Medium Severity Vulnerability
Zend Framework 2
Library home page: https://api.github.com/repos/zendframework/zendframework/zipball/345a8cbedbe8de8a25bf18579fe54d169ac5075a
Dependency Hierarchy: - :x: **zendframework/zendframework-2.1.0** (Vulnerable Library)
Found in HEAD commit: 9505f4ca92405cc9273dc3726c2d274ce28a4407
Found in base branch: ALL_HANDS/major-secrets
URL Rewrite vulnerability in zendframework which is exist in projects zend-diactoros before version 1.8.4, in zend-http before version 2.8.1 and in zend-feed before version 2.10.3. In each case, marshaling a request URI includes logic that introspects HTTP request headers that are specific to a given server-side URL rewrite mechanism.
Publish Date: 2018-08-01
URL: WS-2018-0158
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://framework.zend.com/security/advisory/ZF2018-01
Release Date: 2018-01-07
Fix Resolution: 1.8.4,2.8.1,2.10.3
Step up your Open Source Security Game with Mend here