Multiple vulnerabilities have been found in Zend Framework, the worst of which could allow attackers to remotely execute arbitrary commands.
Package | dev-php/ZendFramework on all architectures |
---|---|
Affected versions | <= 1.12.9 |
Unaffected versions |
Zend Framework is a high quality and open source framework for developing Web Applications.
Multiple vulnerabilities have been discovered in Zend Framework that have remain unaddressed. Please review the referenced CVE identifiers for details.
Remote attackers could execute arbitrary commands or conduct SQL injection attacks.
There is no known workaround at this time.
Gentoo has discontinued support for Zend Framework and recommends that users unmerge the package:
# emerge --unmerge "dev-php/ZendFramework"
Release date
April 09, 2018
Latest revision
April 09, 2018: 2
Severity
normal
Exploitable
remote
Bugzilla entries