PT-2024-40074 · Zend · Zend Framework

Published: 2024-06-07 · Updated: 2024-06-07

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Zend Framework releases prior to 1.11.13 on the 1.11 branch and prior to 1.12.0 on the 1.12 branch (the Zend_Feed_Rss and Zend_Feed_Atom components).
Description: Zend_Feed_Rss and Zend_Feed_Atom parse feed XML with PHP's DOM extension without disabling external entity resolution. A feed that carries a DOCTYPE declaring an external entity is therefore an XML eXternal Entity (XXE) vector: when such a feed is parsed, the XML parser resolves the entity's SYSTEM identifier, which lets an attacker who controls the feed make the application read arbitrary local files and/or open TCP connections to arbitrary hosts. Any code path that feeds untrusted XML into these classes, including the Zend_Feed::import() factory, is exposed.
Recommendations: Update to Zend Framework 1.11.13 or 1.12.0, which contain the fix. Until the update is applied, do not pass untrusted input to Zend_Feed::import() and restrict use of the Zend_Feed_Rss and Zend_Feed_Atom classes to feeds from trusted sources. As a general hardening measure in your own XML-handling code, disable external entity loading before parsing untrusted XML (on PHP versions before 8.0 via libxml_disable_entity_loader(true); PHP 8.0 and later disable it by default) and reject documents that contain a DOCTYPE at all, since a feed has no legitimate need for one.
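The following is an added illustration, not code from Zend Framework or from this advisory. It contrasts the unsafe parsing pattern the description refers to (loading feed XML into DOMDocument with external entities resolvable) with a hardened loader that disables the entity loader, forbids network access during parsing and refuses any document that carries a DOCTYPE. The sample feed, the function names loadFeedUnsafe and loadFeedSafe, and the file path inside the entity declaration are all constructed for the example.

```php
<?php
// Added example (not Zend Framework code). Shows the unsafe DOM usage the
// advisory describes next to a hardened feed loader.

// Constructed sample feed carrying the kind of DOCTYPE the advisory warns
// about. The SYSTEM identifier is a placeholder path used for illustration.
$untrustedFeed = <<<'XML'
<?xml version="1.0"?>
<!DOCTYPE rss [
  <!ENTITY xxe SYSTEM "file:///etc/hostname">
]>
<rss version="2.0">
  <channel>
    <title>&xxe;</title>
  </channel>
</rss>
XML;

// Unsafe pattern: parse whatever arrives. On PHP < 8.0 the external entity
// loader is enabled by default, so libxml opens the SYSTEM identifier
// (a file here, but a URL would open a TCP connection) while parsing.
function loadFeedUnsafe(string $xml): DOMDocument
{
    $doc = new DOMDocument();
    $doc->loadXML($xml);
    return $doc;
}

// Hardened pattern: turn off the entity loader before parsing, block network
// access during the load, never enable LIBXML_NOENT, and reject any DOCTYPE.
function loadFeedSafe(string $xml): DOMDocument
{
    $previousLoader = null;
    if (PHP_VERSION_ID < 80000) {
        // Deprecated in PHP 8.0 because external entities are off by default there.
        $previousLoader = libxml_disable_entity_loader(true);
    }
    $previousErrors = libxml_use_internal_errors(true);
    try {
        $doc = new DOMDocument();
        // LIBXML_NONET forbids network access for DTDs and entities during load.
        $ok = $doc->loadXML($xml, LIBXML_NONET);
        if ($ok === false) {
            throw new RuntimeException('Malformed XML feed');
        }
        // A feed has no legitimate need for a DOCTYPE; refuse it outright so
        // internal entity tricks (entity expansion, parameter entities) are
        // rejected as well, not only external file/network access.
        foreach ($doc->childNodes as $child) {
            if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
                throw new RuntimeException('Feed contains a DOCTYPE; refusing to parse');
            }
        }
        return $doc;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previousErrors);
        if ($previousLoader !== null) {
            libxml_disable_entity_loader($previousLoader);
        }
    }
}

// Usage: the hardened loader throws on the constructed feed above.
try {
    loadFeedSafe($untrustedFeed);
    echo "parsed\n";
} catch (RuntimeException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```

The DOCTYPE check runs after parsing on purpose: scanning the raw string for the text "<!DOCTYPE" is easy to defeat with encoding and comment tricks, whereas inspecting the parsed tree is reliable once the entity loader and network access are already off. Restoring the previous libxml state in the finally block matters in long-running processes, where the loader setting is global.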

Fix

XXE


Weakness Enumeration

Related Identifiers

GHSA-4J9X-G4X8-VCMF

Affected Products

Zend Framework