CVE-2021-3007

Deserialization of Untrusted Data in packagist/laminas/laminas-http

Identifiers

CVE-2021-3007

Package Slug

packagist/laminas/laminas-http

Vulnerability

Deserialization of Untrusted Data

Description

Laminas Project laminas-http has a deserialization vulnerability that can lead to remote code execution if the content being deserialized is controllable by an attacker. The issue is related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php.

Affected Versions

All versions before 2.14.2

Solution

Upgrade to version 2.14.2 or above.

Last Modified

2021-01-22
