Zend Framework 3.0.0

CPE Details

Zend Framework 3.0.0
zend
zend_framework
3.0.0
2019-06-18
17h17 +00:00
2019-06-18
17h17 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:zend:zend_framework:3.0.0:*:*:*:*:*:*:*

Informations

Vendor

zend

Product

zend_framework

Version

3.0.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-29312 2023-04-04 00h00 +00:00 An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 2020.
9.8
Critique
CVE-2021-3007 2021-01-04 01h26 +00:00 Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer supported by the maintainer. NOTE: the laminas-http vendor considers this a "vulnerability in the PHP language itself" but has added certain type checking as a way to prevent exploitation in (unrecommended) use cases where attacker-supplied data can be deserialized
9.8
Critique