Skip to main content
CVE-2021-3007 CRITICAL POC PATCH THREAT Act Now

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization RCE PHP Laminas Http Zend Framework
NVD GitHub
CVSS 3.1
9.8
EPSS
75.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy