NOTE: the laminas-http vendor considers this a "vulnerability in the PHP language itself" but has added certain type checking as a way to prevent exploitation in (unrecommended) use cases where attacker-supplied data can be deserialized. Vulnmachines/ZF3_CVE-2021-3007 CVE-2021-3019 (2021...