Updated: 2025-11-10 02:27:17.783672
Description:
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8, a code logic error causes filtering functions such as filter_var, when validating URLs (FILTER_VALIDATE_URL), to treat invalid user information (the username and password part of a URL) as valid for certain types of URLs. This may lead to downstream code accepting invalid URLs as valid and parsing them incorrectly.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0.0 |
| CVSS Version 3.x | MEDIUM | 5.3 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | php | 8.0.30 | 5.3 | MEDIUM | Released | CLSA-2025:1739821812 | 2025-02-18 06:40:53 | |
| CentOS 6 ELS | php | 5.3.3 | 5.3 | MEDIUM | Not Vulnerable | | 2024-08-06 14:32:24 | |
| CentOS 7 ELS | php | 5.4.16 | 5.3 | MEDIUM | Not Vulnerable | | 2024-08-06 14:32:23 | |
| CentOS 8.4 ELS | php | 7.4.6 | 5.3 | MEDIUM | Released | CLSA-2024:1718897857 | 2024-06-20 14:19:58 | |
| CentOS 8.5 ELS | php | 7.4.19 | 5.3 | MEDIUM | Released | CLSA-2024:1721207165 | 2024-07-17 05:38:07 | |
| CentOS Stream 8 ELS | php | 7.2.24 | 5.3 | MEDIUM | Released | CLSA-2024:1727895152 | 2024-10-02 17:39:42 | |
| CloudLinux 6 ELS | php | 5.3.3 | 5.3 | MEDIUM | Not Vulnerable | | 2024-08-06 14:32:23 | |
| CloudLinux 7 ELS | php | 5.4.16 | 5.3 | MEDIUM | Ignored | | 2024-07-22 12:05:50 | Ignored due to low severity |
| Debian 10 ELS | php | 7.3 | 5.3 | MEDIUM | Ignored | | 2025-10-11 00:19:15 | Ignored due to low severity |
| Oracle Linux 6 ELS | php | 5.3.3 | 5.3 | MEDIUM | Not Vulnerable | | 2024-08-06 14:32:23 | |