An untrusted deserialization vulnerability has been disclosed this week in how Zend Framework can be exploited by attackers to achieve remote code execution on vulnerable PHP sites. The vulnerability is related to the __destruct method of the ZendHttpResponseStream class in Stream.php. However, Laminas has still issued a patch to “tighten security”” in its framework
Source: the “”Laminas Project”””