CVE-2012-3363

critical

Published 2013-02-13 · Modified 2024-04-09

CVSS v3

9.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v2

6.4

VIR risk

9.1

Description

Zend Framework XXE Vulnerability

Exploit likelihood

94%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34284

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://framework.zend.com/security/advisory/ZF2012-01

OS	Version	Status
fedora	17	affected
fedora	18	affected
debian	6.0	affected

Ecosystem	Package	Vulnerable	Fixed
Packagist	zendframework/zendframework1	`>=1.0.0,<1.11.12`	`1.11.12`
Packagist	zendframework/zendframework1	`>=1.12.0-rc1,<1.12.0`	`1.12.0`

Vendor	Product	Versions	Fixed
zend	zend_framework	`{"startIncluding":"1.0.0","endExcluding":"1.11.12"}`	`1.11.12`
zend	zend_framework	`1.12.0`

CWE-611

Verify integrity in audit chain (admin only). AS-IS.