Updated: 2024-11-24 04:15:59.403657
Description:
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via the filter_var() function with the FILTER_VALIDATE_URL parameter, a URL with an invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially to other security implications, such as contacting a wrong server or making a wrong access decision.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | MEDIUM | 5 |
CVSS Version 3.x | MEDIUM | 5.3 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | php | 5.3.3 | 5.3 | MEDIUM | Released | CLSA-2021:1637673193 | 2022-05-05 12:02:24 | |
CentOS 7 ELS | php | 5.4.16 | 5.3 | MEDIUM | Released | CLSA-2024:1727288730 | 2024-10-07 11:10:35 | |
CentOS 8.4 ELS | php | 7.4.6 | 5.3 | MEDIUM | Released | CLSA-2022:1654526233 | 2022-06-06 11:49:05 | |
CentOS 8.5 ELS | php | 7.4.19 | 5.3 | MEDIUM | Released | CLSA-2022:1654526615 | 2022-06-06 11:48:45 | |
CentOS Stream 8 ELS | php | 7.2.24 | 5.3 | MEDIUM | Released | CLSA-2024:1727895152 | 2024-10-02 17:35:00 | |
CloudLinux 6 ELS | php | 5.3.3 | 5.3 | MEDIUM | Released | | 2022-02-22 11:48:03 | |
CloudLinux 7 ELS | php | 5.4.16 | 5.3 | MEDIUM | Released | CLSA-2024:1728583117 | 2024-10-25 01:16:53 | |
Oracle Linux 6 ELS | php | 5.3.3 | 5.3 | MEDIUM | Released | CLSA-2022:1643115104 | 2022-02-22 11:48:03 | |
Ubuntu 16.04 ELS | php | 7.0.33 | 5.3 | MEDIUM | Released | CLSA-2021:1639681846 | 2022-02-22 11:48:03 | |
Ubuntu 18.04 ELS | php | 7.2.24-0 | 5.3 | MEDIUM | Already Fixed | | 2023-07-04 17:06:50 | |