CVE-2020-7071

Updated: 2024-11-24 03:31:55.586964

Description:

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 5
CVSS Version 3.x MEDIUM 5.3

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
EL 6 PHP php 7.2 5.3 MEDIUM Ignored 2024-05-14 17:12:03
EL 6 PHP php 8.0 5.3 MEDIUM Ignored 2024-05-14 17:11:59
EL 6 PHP php 5.2 5.3 MEDIUM Ignored 2024-05-14 17:12:03
EL 6 PHP php 7.1 5.3 MEDIUM In Testing 2025-03-28 03:16:19
EL 6 PHP php 7.0 5.3 MEDIUM In Testing 2025-03-28 03:16:19
EL 6 PHP php 5.5 5.3 MEDIUM In Testing 2025-03-28 03:16:21
EL 6 PHP php 8.1 5.3 MEDIUM Ignored 2024-05-14 17:11:53
EL 6 PHP php 7.4 5.3 MEDIUM Ignored 2024-05-14 17:11:59
EL 6 PHP php 5.3 5.3 MEDIUM In Testing 2025-03-28 03:16:22
EL 6 PHP php 5.4 5.3 MEDIUM In Testing 2025-03-28 03:16:22
Total: 97