Browse all 3 CVE security advisories affecting laminas. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Laminas is a PHP framework primarily used for building enterprise web applications and APIs. Historically, it has been susceptible to common web vulnerabilities including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from improper input validation and insecure default configurations. While no major public security incidents have been widely documented, the three CVEs on record highlight potential risks in components like laminas-di and laminas-http, which could allow attackers to execute arbitrary code or bypass security controls. Developers should implement strict input sanitization and keep dependencies updated to mitigate these risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-29530 | Laminas Diactoros vulnerable to HTTP Multiline Header Termination — laminas-diactoros (CWE-20) | 7.5 | High | 2023-04-24 |
| CVE-2022-31109 | HTTP Host Header Attack Vulnerability in laminas-diactoros — laminas-diactoros (CWE-79) | 7.2 | High | 2022-08-01 |
| CVE-2022-23598 | Reflected XSS vulnerability when rendering error messages in laminas-form — laminas-form (CWE-79) | 6.1 | Medium | 2022-01-28 |

This page lists every published CVE security advisory associated with laminas. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.