laminas/laminas-http is vulnerable to remote code execution. An attacker can supply malicious data because the library does not verify that the file name is a string before unlinking it.
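
The type check described above, as an added example (not code from laminas-http or from the original page): in PHP's default coercive typing mode, `unlink()` converts an object argument to a string by calling its `__toString()`, so a cleanup routine should confirm the value is a string before touching it. The names `Probe`, `cleanupUnchecked` and `cleanupChecked` and the sample path are constructed for illustration.

```php
<?php
// Constructed probe object: records whether PHP converted it to a string.
final class Probe
{
    public bool $coerced = false;

    public function __toString(): string
    {
        // Stands in for whatever code an object's __toString() would run.
        $this->coerced = true;
        return '/nonexistent/constructed-example-path';
    }
}

// Weak form: the value goes straight to unlink(), which coerces objects.
function cleanupUnchecked($name): void
{
    @unlink($name); // warning suppressed: the constructed path does not exist
}

// Hardened form: refuse anything that is not a string naming a regular file.
function cleanupChecked($name): bool
{
    if (!is_string($name) || !is_file($name)) {
        return false; // is_string() short-circuits, so no coercion happens
    }
    return unlink($name);
}

$a = new Probe();
cleanupUnchecked($a);

$b = new Probe();
$rejected = !cleanupChecked($b);

// A legitimate temporary file is still removed by the hardened form.
$tmp = tempnam(sys_get_temp_dir(), 'ex');
$removed = cleanupChecked($tmp);

printf("unchecked: __toString() invoked = %s\n", var_export($a->coerced, true));
printf("checked:   __toString() invoked = %s, rejected = %s\n",
    var_export($b->coerced, true), var_export($rejected, true));
printf("checked:   real temp file removed = %s\n", var_export($removed, true));
```
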
| CPE | Name | Operator | Version |
|---|---|---|---|
| | laminas/laminas-http | le | 2.14.1 |
github.com/laminas/laminas-http/commits/2.15.x/src/Response/Stream.php
github.com/laminas/laminas-http/pull/48
github.com/laminas/laminas-http/releases/tag/2.14.2
github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%20rce.md
research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/