Zend Framework: Multiple vulnerabilities — GLSA 201804-10

Multiple vulnerabilities have been found in Zend Framework, the worst of which could allow attackers to remotely execute arbitrary commands.

Affected Packages

dev-php/ZendFramework on all architectures
Affected versions <= 1.12.9
Unaffected versions

Background

Zend Framework is a high quality and open source framework for developing Web Applications.

Description

Multiple vulnerabilities have been discovered in Zend Framework that have remain unaddressed. Please review the referenced CVE identifiers for details.

Impact

Remote attackers could execute arbitrary commands or conduct SQL injection attacks.

Workaround

There is no known workaround at this time.

Resolution

Gentoo has discontinued support for Zend Framework and recommends that users unmerge the package:

 # emerge --unmerge "dev-php/ZendFramework"
 

References

Release Date
April 09, 2018

Latest Revision
April 09, 2018: 2

Severity
normal

Exploitable
remote

Bugzilla entries