ZendFramework1 Potential Security Issues in Bundled Dojo Library

2024-06-0721:49:55

GitHub Advisory Database

github.com

zendframework1

dojo library

security issues

exploits

php scripts

advisory

7.3 High

AI Score

Confidence

Low

JSON

In mid-March, 2010, the Dojo Foundation issued a Security Advisory indicating potential security issues with specific files in Dojo Toolkit. Details of the advisory may be found on the Dojo website:

http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
In particular, several files in the Dojo tree were identified as having potential exploits, and the Dojo team also advised disabling or removing any PHP scripts in the tree when deploying to production.

Affected configurations

Vulners

Node

zendframeworkzendframework1Range<1.10.3

zendframeworkzendframework1Range<1.9.8

CPENameOperatorVersion
zendframework/zendframework1lt1.10.3
zendframework/zendframework1lt1.9.8

CPE	Name	Operator	Version
	zendframework/zendframework1	lt	1.10.3
	zendframework/zendframework1	lt	1.9.8

References

dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory

github.com/advisories/GHSA-w5mj-j45q-m638

github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zendframework1/ZF2010-07.yaml

web.archive.org/web/20210509072723/https://framework.zend.com/security/advisory/ZF2010-07

7.3 High

AI Score

Confidence

Low

JSON