Remote Code Execution (RCE)

2021-04-2209:11:55

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.044 Low

EPSS

Percentile

92.4%

JSON

laminas/laminas-http is vulnerable to remote code execution. An attacker is able to input malicious data as it does not verify the type of the file name as string before unlinking.

CPENameOperatorVersion
laminas/laminas-httple2.14.1
laminas/laminas-httple2.14.1

CPE	Name	Operator	Version
	laminas/laminas-http	le	2.14.1
	laminas/laminas-http	le	2.14.1

References

github.com/laminas/laminas-http/commits/2.15.x/src/Response/Stream.php

github.com/laminas/laminas-http/pull/48

github.com/laminas/laminas-http/releases/tag/2.14.2

github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%20rce.md

research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/

0.044 Low

EPSS

Percentile

92.4%

JSON

Related for VERACODE:30121