zendframework/zend-view-2.4.13: 1 vulnerabilities (highest severity is: 6.1)

[mend-bolt-for-github]

Vulnerable Library - zendframework/zend-view-2.4.13

View component from Zend Framework

Found in HEAD commit: a03f21d27ef1015e6e796ec7e1023b1b8ec8f781

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (zendframework/zend-view version)	Remediation Possible**
CVE-2014-4913	Medium	6.1	zendframework/zend-view-2.4.13	Direct	release-2.3.1	❌

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2014-4913

Vulnerable Library - zendframework/zend-view-2.4.13

View component from Zend Framework

Dependency Hierarchy:

• ❌ zendframework/zend-view-2.4.13 (Vulnerable Library)

Found in HEAD commit: a03f21d27ef1015e6e796ec7e1023b1b8ec8f781

Found in base branch: 2.0

Vulnerability Details

ZF2014-03 has a potential cross site scripting vector in multiple view helpers

Publish Date: 2019-12-15

URL: CVE-2014-4913

CVSS 3 Score Details (6.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2019-12-15

Fix Resolution: release-2.3.1