Latest Security News about Zend Framework 2

Potential CRLF injection attacks in Zend_Mail

Overview: CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.

Affected Product(s): Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x […]

Potential SQL injection in PostgreSQL Zend\Db adapter

Overview: Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has a potential SQL injection in the PostgreSQL Zend\Db adapter.

Affected Product(s): Zend Framework 2.2.10, Zend Framework 2.3.5

Vulnerability Details:

CVE ID: CVE-2015-0270

A patch was written that provides the correct PostgreSQL escaping sequence for quotes used for identifiers and values, and tests were […]