CVE-2020-29312

Published: Apr 4, 2023Modified: Feb 18, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 2020.

Affected (1)

Products: Zend: Zend Framework

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zend Zend Framework	Up to 3.1.3

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (6)

http://zend.com

Source: cve@mitre.org

Product

https://cowtransfer.com/s/f9684f004d7149

Source: cve@mitre.org

Broken Link

https://github.com/zendframework/zendframework

Source: cve@mitre.org

Product

http://zend.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://cowtransfer.com/s/f9684f004d7149

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://github.com/zendframework/zendframework

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.