What is CVE-2021-3007?

CVE-2021-3007 is a vulnerability in N/a. Published 2021-01-04.

Is CVE-2021-3007 known to be exploited?

22 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-3007

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Str…

EPSS: 0.922 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/Ling-Yizhou/zendframework3-/blob/main/zend framework3 反序列化 rce.md (x_refsource_MISC)
github.com/laminas/laminas-http/commits/2.15.x/src/Response/Stream.php (x_refsource_MISC)
github.com/laminas/laminas-http/pull/48 (x_refsource_MISC)
github.com/laminas/laminas-http/releases/tag/2.14.2 (x_refsource_MISC)
research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-cre… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-3007?: CVE-2021-3007 is a vulnerability in N/a. Published 2021-01-04.
Is CVE-2021-3007 known to be exploited?: 22 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.