CVE-2021-3007

Deserialization of Untrusted Data in packagist/zendframework/zendframework

Identifiers

CVE-2021-3007

Package Slug

packagist/zendframework/zendframework

Vulnerability

Deserialization of Untrusted Data

Description

Zend Framework, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php.

Affected Versions

Version 3.0.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2021-01-21

source