Is zendframework/zend-json affected by GHSA-8x2v-pcg7-94f4?

Packagist zendframework/zend-json is affected in >=2.1.0 =2.2.0 <2.2.6.

Is GHSA-8x2v-pcg7-94f4 being exploited?

Not on the CISA KEV list. EPSS exploit probability is not available.

critical

GHSA-8x2v-pcg7-94f4

Q: Is GHSA-8x2v-pcg7-94f4 being exploited?

Not on the CISA KEV list. EPSS exploit probability is not available.

Packagist · zendframework/zend-json

Summary

Zend-JSON vulnerable to XXE/XEE attacks

Severity: critical
Published: 2024-06-07

References

https://github.com/zendframework/zend-json/commit/078e77a6e59cdbf32a94691afe3523db340f5da9
https://github.com/zendframework/zend-json/commit/7a747fbefe566c28a94b7e7ca37c15fc09ba4754
https://github.com/zendframework/zend-json/commit/865f96ecbc5e080fccb5e75304ce06ac57d2ce22

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.