{"uuid": "404ccb4d-5bd5-4f13-86bb-27baa8c54fb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3007", "type": "seen", "source": "https://t.me/cibsecurity/21520", "content": "\u203c CVE-2021-3007 \u203c\n\nZend Framework 3.0.0 has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\\Http\\Response\\Stream class in Stream.php. NOTE: the code may be related to Laminas Project laminas-http. Zend Framework is no longer supported by the maintainer. However, not all Zend Framework 3.0.0 vulnerabilities exist in a Laminas Project release.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-04T07:36:17.000000Z"}