Multiple vulnerabilities have been found in Zend Framework, the worst of which could allow attackers to remotely execute arbitrary commands.
|Package||dev-php/ZendFramework on all architectures|
|Affected versions||<= 1.12.9|
Zend Framework is a high quality and open source framework for developing Web Applications.
Multiple vulnerabilities have been discovered in Zend Framework that have remain unaddressed. Please review the referenced CVE identifiers for details.
Remote attackers could execute arbitrary commands or conduct SQL injection attacks.
There is no known workaround at this time.
Gentoo has discontinued support for Zend Framework and recommends that users unmerge the package:
# emerge --unmerge "dev-php/ZendFramework"
April 09, 2018
April 09, 2018: 2