Vulnerabilities > CVE-2020-29312 - Deserialization of Untrusted Data vulnerability in Zend Framework
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 2020.