CVE-2021-3007
packagist/laminas/laminas-http
Deserialization of Untrusted Data
Laminas Project laminas-http has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct
method of the Zend\Http\Response\Stream
class in Stream.php
.
All versions before 2.14.2
Upgrade to version 2.14.2 or above.
2021-01-22
source |