[MEDIUM] XXE/XEE vector when using ZendXml on multibyte payloads

PKSA-wkm6-gzx7-1qtv CVE-2015-5161 GHSA-xp8p-9rq5-4wgv

Affected package: zendframework/zendframework1

Affected version: >=1.12.0,<1.12.14

Reported by:
GitHub, FriendsOfPHP/security-advisories