Updated: 2024-07-28 20:47:28.252143
Description:
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | MEDIUM | 5.3 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | php | 5.3.3 | 5.3 | MEDIUM | Not Vulnerable | 2024-08-06 14:32:24 | |
CentOS 7 ELS | php | 5.4.16 | 5.3 | MEDIUM | Not Vulnerable | 2024-08-06 14:32:23 | |
CentOS 8.4 ELS | php | 7.4.6 | 5.3 | MEDIUM | Released | CLSA-2024:1718897857 | 2024-06-20 14:19:58 |
CentOS 8.5 ELS | php | 7.4.19 | 5.3 | MEDIUM | Released | CLSA-2024:1721207165 | 2024-07-17 05:38:07 |
CentOS Stream 8 ELS | php | 7.2.24 | 5.3 | MEDIUM | In Testing | 2024-07-31 17:33:21 | |
CloudLinux 6 ELS | php | 5.3.3 | 5.3 | MEDIUM | Not Vulnerable | 2024-08-06 14:32:23 | |
CloudLinux 7 ELS | php | 5.4.16 | 5.3 | MEDIUM | Ignored | 2024-07-22 12:05:50 | |
Oracle Linux 6 ELS | php | 5.3.3 | 5.3 | MEDIUM | Not Vulnerable | 2024-08-06 14:32:23 | |
Ubuntu 16.04 ELS | php | 7.0.33 | 5.3 | MEDIUM | Released | CLSA-2024:1718789388 | 2024-06-19 10:09:27 |
Ubuntu 18.04 ELS | php | 7.2.24-0 | 5.3 | MEDIUM | Released | CLSA-2024:1718789955 | 2024-06-19 10:09:30 |