Getlaminas Security Vulnerabilities

CVE-2021-3007

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer.....

CVSS 9.8, AI Score 9.6, EPSS 0.044

2021-01-04 03:15 AM
230
In Wild
32

CVE-2022-23598

laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the formElementErrors() view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value...

CVSS 6.1, AI Score 5.9, EPSS 0.002

2022-01-28 10:15 PM
75

CVE-2023-29530

Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value,....

CVSS 7.5, AI Score 6.4, EPSS 0.001

2023-04-24 08:15 PM
59

CVE-2022-31109

laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol,...

CVSS 7.2, AI Score 5.9, EPSS 0.001

2022-08-01 05:15 PM
69
4