WS-2018-0158 | Mend Vulnerability Database

Vulnerability DatabaseWS-2018-0158

WS-2018-0158

Published:May 19, 2026

Updated:May 19, 2026

URL Rewrite vulnerability in zendframework which is exist in projects zend-diactoros before version 1.8.4, in zend-http before version 2.8.1 and in zend-feed before version 2.10.3. In each case, marshaling a request URI includes logic that introspects HTTP request headers that are specific to a given server-side URL rewrite mechanism.

Affected Packages

zendframework/zend-http (PHP):

Affected version(s) >=2.3.7 <2.4.0rc3

Fix Suggestion:

Update to version 2.4.0rc3

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-upgrade-3ddd041b50fb018d81e7711467a35e76 <dev-redo-13161

Fix Suggestion:

Update to version dev-redo-13161

limesurvey/limesurvey (PHP):

Affected version(s) =dev-snyk-upgrade-568d6fdaf6b84a31b10bdc2cfcabbdfd <dev-survey-defaultsettings

Fix Suggestion:

Update to version dev-survey-defaultsettings

zendframework/zend-http (PHP):

Affected version(s) =dev-legacy <dev-master

Fix Suggestion:

Update to version dev-master

withadresden/superdrupal (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

rcm/dynamic-navigation (PHP):

Affected version(s) >=0.1.0 <0.1.2

Fix Suggestion:

Update to version 0.1.2

zendframework/zend-http (PHP):

Affected version(s) >=2.3.3 <2.3.5

Fix Suggestion:

Update to version 2.3.5

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-fix-a9c10ba47e88a08c83b32a913752ea82 <dev-snyk-upgrade-8e8193a6a781d5929de6292963cd2a21

Fix Suggestion:

Update to version dev-snyk-upgrade-8e8193a6a781d5929de6292963cd2a21

zendframework/zend-http (PHP):

Affected version(s) =2.4.0rc5 <2.4.0rc6

Fix Suggestion:

Update to version 2.4.0rc6

reliv/rcm-dynamic-navigation (PHP):

Affected version(s) >=0.1.0 <0.1.2

Fix Suggestion:

Update to version 0.1.2

drupal/drupal (PHP):

Affected version(s) =8.0.x-dev <8.0.1

Fix Suggestion:

Update to version 8.0.1

controleonline/speed-up-essentials (PHP):

Affected version(s) =dev-master <v1.0.0

Fix Suggestion:

Update to version v1.0.0

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-v3-add-import-converter <3.0.1+171228

Fix Suggestion:

Update to version 3.0.1+171228

drupal/drupal (PHP):

Affected version(s) =8.0.0-beta16 <8.0.0-beta2

Fix Suggestion:

Update to version 8.0.0-beta2

limesurvey/limesurvey (PHP):

Affected version(s) =2.2.5 <2.65.2+170606

Fix Suggestion:

Update to version 2.65.2+170606

limesurvey/limesurvey (PHP):

Affected version(s) >=3.27.29+211214 <3.27.33+220125

Fix Suggestion:

Update to version 3.27.33+220125

sos-solution/other-framework (PHP):

Affected version(s) >=dev-master <=1.0.0

Fix Suggestion:

Update to version no_fix

zendframework/zend-http (PHP):

Affected version(s) =2.4.7 <2.4.8

Fix Suggestion:

Update to version 2.4.8

obimet/tool_console (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

limesurvey/limesurvey (PHP):

Affected version(s) >=4.0.0+200116 <4.4.0+210129

Fix Suggestion:

Update to version 4.4.0+210129

vufind/vufind (PHP):

Affected version(s) >=v2.0RC1 <dev-autocomplete-v2-1-10

Fix Suggestion:

Update to version dev-autocomplete-v2-1-10

vufind/vufind (PHP):

Affected version(s) >=RD1.01 <v1.20.0

Fix Suggestion:

Update to version v1.20.0

zendframework/zend-http (PHP):

Affected version(s) >=2.4.13 <2.8.1

Fix Suggestion:

Update to version 2.8.1

boboldehampsink/pushnotifications (PHP):

Affected version(s) =dev-develop <dev-feature/mpns

Fix Suggestion:

Update to version dev-feature/mpns

zendframework/zend-http (PHP):

Affected version(s) >=2.4.0 <2.4.2

Fix Suggestion:

Update to version 2.4.2

muse/zend-diactoros (PHP):

Affected version(s) >=1.8.1 <1.8.4

Fix Suggestion:

Update to version 1.8.4

zendframework/zend-http (PHP):

Affected version(s) >=2.2.0 <2.2.3

Fix Suggestion:

Update to version 2.2.3

vufind/vufind (PHP):

Affected version(s) =v1.27.0 <v1.28.0

Fix Suggestion:

Update to version v1.28.0

zendframework/zend-http (PHP):

Affected version(s) >=2.0.8 <2.1.2

Fix Suggestion:

Update to version 2.1.2

webflo/drupal (PHP):

Affected version(s) =8.0.x-dev

Fix Suggestion:

Update to version no_fix

limesurvey/limesurvey (PHP):

Affected version(s) >=4.0.0-RC10+191202 <4.0.0-RC2+190723

Fix Suggestion:

Update to version 4.0.0-RC2+190723

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-upgrade-bc996b6b018fc6ea7d4263390981c31a <dev-tests-clieck-views1

Fix Suggestion:

Update to version dev-tests-clieck-views1

torrentpier/torrentpier (PHP):

Affected version(s) >=v2.1.4 <v2.2.0

Fix Suggestion:

Update to version v2.2.0

zendframework/zend-http (PHP):

Affected version(s) >=2.2.4 <2.2.6

Fix Suggestion:

Update to version 2.2.6

drupal/drupal (PHP):

Affected version(s) >=8.0.3 <8.1.0-beta2

Fix Suggestion:

Update to version 8.1.0-beta2

lochmueller/autoloader (PHP):

Affected version(s) =3.1.0 <3.2.0

Fix Suggestion:

Update to version 3.2.0

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-upgrade-db5589e32a61db42524a88ad04a6eaba <6.0.1+230411

Fix Suggestion:

Update to version 6.0.1+230411

zendframework/zend-feed (PHP):

Affected version(s) >=2.1.6 <2.2.0rc3

Fix Suggestion:

Update to version 2.2.0rc3

zendframework/zend-feed (PHP):

Affected version(s) >=2.2.10 <2.3.4

Fix Suggestion:

Update to version 2.3.4

zendframework/zend-http (PHP):

Affected version(s) >=2.1.6 <2.2.0rc3

Fix Suggestion:

Update to version 2.2.0rc3

vijaycs85/coverage-report (PHP):

Affected version(s) >=8.0-alpha10 <8.1.0-beta2

Fix Suggestion:

Update to version 8.1.0-beta2

xtreed/zend-diactoros (PHP):

Affected version(s) =1.8.0 <dev-release-1.8

Fix Suggestion:

Update to version dev-release-1.8

thxyh99/composer_advance (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

limesurvey/limesurvey (PHP):

Affected version(s) >=3.23.6+200929 <3.27.28+211208

Fix Suggestion:

Update to version 3.27.28+211208

zendframework/zend-http (PHP):

Affected version(s) >=2.1.3 <2.1.5

Fix Suggestion:

Update to version 2.1.5

limesurvey/limesurvey (PHP):

Affected version(s) >=3.20.0+191112 <3.23.5+200923

Fix Suggestion:

Update to version 3.23.5+200923

drupal/core-dependency-injection (PHP):

Affected version(s) >=8.0.0-beta10 <8.0.0-beta15

Fix Suggestion:

Update to version 8.0.0-beta15

zendframework/zendframework (PHP):

Affected version(s) >=release-2.0.0rc2 <2.5.0

Fix Suggestion:

Update to version 2.5.0

zendframework/zend-feed (PHP):

Affected version(s) >=2.0.0 <2.0.4

Fix Suggestion:

Update to version 2.0.4

lochmueller/autoloader (PHP):

Affected version(s) >=2.1.1 <dev-analysis-3wWO14

Fix Suggestion:

Update to version dev-analysis-3wWO14

limesurvey/limesurvey (PHP):

Affected version(s) >=4.0.0-RC7+191111 <4.0.0-alpha+181212

Fix Suggestion:

Update to version 4.0.0-alpha+181212

fatfish/importer (PHP):

Affected version(s) >=dev-master <v1.0

Fix Suggestion:

Update to version v1.0

openwebapp/openwebapp (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

zendframework/zend-feed (PHP):

Affected version(s) >=2.2.0 <2.2.3

Fix Suggestion:

Update to version 2.2.3

drupal/drupal (PHP):

Affected version(s) >=8.0.0-rc3 <8.0.0

Fix Suggestion:

Update to version 8.0.0

gotcms/gotcms (PHP):

Affected version(s) >=0.1.0b <=1.6.2

Fix Suggestion:

Update to version no_fix

zendframework/zend-feed (PHP):

Affected version(s) >=2.1.3 <2.1.5

Fix Suggestion:

Update to version 2.1.5

limesurvey/limesurvey (PHP):

Affected version(s) =dev-snyk-upgrade-53b356322f333277c170a2cf3a032ba7 <dev-inspect34

Fix Suggestion:

Update to version dev-inspect34

limesurvey/limesurvey (PHP):

Affected version(s) =dev-update-testing-dependencies <dev-viewanswers

Fix Suggestion:

Update to version dev-viewanswers

zzh-php/lib (PHP):

Affected version(s) >=dev-local <=1.1.0.x-dev

Fix Suggestion:

Update to version no_fix

vufind/vufind (PHP):

Affected version(s) >=v1.21.0 <v1.23.0

Fix Suggestion:

Update to version v1.23.0

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-fix-76cf46bd82f4347fa5bd130cdd788057 <=dev-snyk-upgrade-b8f4dac44087b061e2e7d08aa4d95731

Fix Suggestion:

Update to version no_fix

muse/zend-diactoros (PHP):

Affected version(s) =1.8.0 <dev-release-1.8

Fix Suggestion:

Update to version dev-release-1.8

pi/pi (PHP):

Affected version(s) >=dev-master <v2.8.0

Fix Suggestion:

Update to version v2.8.0

vufind/vufind (PHP):

Affected version(s) >=26-beta-1 <dev-VUFIND-1342

Fix Suggestion:

Update to version dev-VUFIND-1342

boboldehampsink/pushnotifications (PHP):

Affected version(s) =0.3.2

Fix Suggestion:

Update to version no_fix

pi/pi (PHP):

Affected version(s) =dev-bs4

Fix Suggestion:

Update to version no_fix

redactivemedia/redactive-drupal8-platform (PHP):

Affected version(s) >=8.0.0-beta12 <8.8.0

Fix Suggestion:

Update to version 8.8.0

boboldehampsink/pushnotifications (PHP):

Affected version(s) >=dev-feature/wns <0.0.3

Fix Suggestion:

Update to version 0.0.3

zendframework/zend-http (PHP):

Affected version(s) >=2.2.10 <2.3.2

Fix Suggestion:

Update to version 2.3.2

vivaweb/zendframework (PHP):

Affected version(s) >=release-2.0.0rc2 <2.5.0

Fix Suggestion:

Update to version 2.5.0

zendframework/zend-diactoros (PHP):

Affected version(s) =1.8.0 <dev-release-1.8

Fix Suggestion:

Update to version dev-release-1.8

zendframework/zend-feed (PHP):

Affected version(s) >=2.0.8 <2.1.2

Fix Suggestion:

Update to version 2.1.2

drupal/core (PHP):

Affected version(s) >=8.0.0-beta6 <8.0.0-rc1

Fix Suggestion:

Update to version 8.0.0-rc1

limesurvey/limesurvey (PHP):

Affected version(s) >=3.28.1+220229 <3.28.14+220608

Fix Suggestion:

Update to version 3.28.14+220608

drupal/core-dependency-injection (PHP):

Affected version(s) >=8.0.0-beta6 <8.0.0-rc1

Fix Suggestion:

Update to version 8.0.0-rc1

limesurvey/limesurvey (PHP):

Affected version(s) =dev-fix-16939-merge-mistake <dev-fix-16987

Fix Suggestion:

Update to version dev-fix-16987

serkancelik17/hotel_content_api_sdk (PHP):

Affected version(s) >=dev-master <=v1.0.0

Fix Suggestion:

Update to version no_fix

thxyh99/zendframework (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

drupal/core-file-cache (PHP):

Affected version(s) >=8.0.0-beta6 <8.1.0

Fix Suggestion:

Update to version 8.1.0

zendframework/zend-http (PHP):

Affected version(s) >=2.0.0 <2.0.7

Fix Suggestion:

Update to version 2.0.7

zendframework/zend-feed (PHP):

Affected version(s) >=2.3.9 <2.4.0rc3

Fix Suggestion:

Update to version 2.4.0rc3

limesurvey/limesurvey (PHP):

Affected version(s) =3.27.34+220132 <3.27.35+220208

Fix Suggestion:

Update to version 3.27.35+220208

zendframework/zend-feed (PHP):

Affected version(s) >=2.4.13 <2.10.3

Fix Suggestion:

Update to version 2.10.3

limesurvey/limesurvey (PHP):

Affected version(s) =dev-fix-spss-token-length <dev-fix-tests

Fix Suggestion:

Update to version dev-fix-tests

tanzhenxing/educms (PHP):

Affected version(s) =1.05 <1.06

Fix Suggestion:

Update to version 1.06

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-upgrade-f2061a8270a5579306cb12524f53a6d4 <dev-survey-booleans3

Fix Suggestion:

Update to version dev-survey-booleans3

limesurvey/limesurvey (PHP):

Affected version(s) >=3.28.15+220616 <3.28.18+220706

Fix Suggestion:

Update to version 3.28.18+220706

drupal/drupal (PHP):

Affected version(s) =8.0.0-rc1 <8.0.0-rc2

Fix Suggestion:

Update to version 8.0.0-rc2

zendframework/zend-diactoros (PHP):

Affected version(s) >=1.8.1 <1.8.4

Fix Suggestion:

Update to version 1.8.4

zendframework/zend-feed (PHP):

Affected version(s) >=2.0.5 <2.0.7

Fix Suggestion:

Update to version 2.0.7

vufind/vufind (PHP):

Affected version(s) >=dev-release-2.2 <dev-release-3.0

Fix Suggestion:

Update to version dev-release-3.0

atnightandintransportation/cms (PHP):

Affected version(s) >=0.5.0 <0.6.1

Fix Suggestion:

Update to version 0.6.1

controleonline/speed-up-essentials (PHP):

Affected version(s) >=v1.10.16 <=v1.13.1

Fix Suggestion:

Update to version no_fix

cristiroma/drupal-boilerplate-8 (PHP):

Affected version(s) =0.1

Fix Suggestion:

Update to version no_fix

xtreed/zend-diactoros (PHP):

Affected version(s) >=1.8.1 <1.8.4

Fix Suggestion:

Update to version 1.8.4

zendframework/zend-feed (PHP):

Affected version(s) >=2.2.4 <2.2.6

Fix Suggestion:

Update to version 2.2.6

gotcms/gotcms (PHP):

Affected version(s) >=dev-master <0.1.0a

Fix Suggestion:

Update to version 0.1.0a

drupal/core (PHP):

Affected version(s) >=8.0.0-beta10 <8.0.0-beta16

Fix Suggestion:

Update to version 8.0.0-beta16

zendframework/zend-feed (PHP):

Affected version(s) =2.4.0 <2.4.1

Fix Suggestion:

Update to version 2.4.1

limesurvey/limesurvey (PHP):

Affected version(s) >=3.28.20+220719 <dev-fixv3-16987

Fix Suggestion:

Update to version dev-fixv3-16987

zendframework/zend-feed (PHP):

Affected version(s) =dev-legacy <dev-master

Fix Suggestion:

Update to version dev-master

Related Resources (5)

https://github.com/zendframework/zend-feed/commit/6641f4cf3f4586c63f83fd70b6d19966025c8888

https://github.com/zendframework/zend-diactoros/commit/736ffa7c2bfa4a60e8a10acb316fa2ac456c5fba

https://framework.zend.com/security/advisory/ZF2018-01

https://github.com/FriendsOfPHP/security-advisories/commit/2506c2b2408132f8e77c6140cb562bebdb92644f

https://github.com/zendframework/zend-http/commit/44197164a270259116162a442f639085ea24094a

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE