Updated: 2023-11-04 20:50:44.111729
Description:
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | MEDIUM | 5 |
CVSS Version 3.x | MEDIUM | 5.3 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | php | 5.3.3 | 5.3 | MEDIUM | Released | CLSA-2021:1637673193 | 2022-05-05 12:02:24 |
CentOS 7 ELS | php | 5.4.16 | 5.3 | MEDIUM | Ignored | 2024-01-21 08:36:31 | |
CentOS 8.4 ELS | php | 7.4.6 | 5.3 | MEDIUM | Released | CLSA-2022:1654526233 | 2022-06-06 11:49:05 |
CentOS 8.5 ELS | php | 7.4.19 | 5.3 | MEDIUM | Released | CLSA-2022:1654526615 | 2022-06-06 11:48:45 |
CloudLinux 6 ELS | php | 5.3.3 | 5.3 | MEDIUM | Released | 2022-02-22 11:48:03 | |
Oracle Linux 6 ELS | php | 5.3.3 | 5.3 | MEDIUM | Released | CLSA-2022:1643115104 | 2022-02-22 11:48:03 |
Ubuntu 16.04 ELS | php | 7.0.33 | 5.3 | MEDIUM | Released | CLSA-2021:1639681846 | 2022-02-22 11:48:03 |
Ubuntu 18.04 ELS | php | 7.2.24-0 | 5.3 | MEDIUM | Already Fixed | 2023-07-04 17:06:50 |