CVE-2024-5458

Updated: 2024-07-28 20:47:28.252143

Description:

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8, a code logic error in filtering functions such as filter_var causes URL validation (FILTER_VALIDATE_URL) to treat invalid user information (the username and password part of a URL) as valid for certain types of URLs. This may lead to downstream code accepting invalid URLs as valid and parsing them incorrectly.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| Version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | MEDIUM | 5.3 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | php | 5.3.3 | 5.3 | MEDIUM | Not Vulnerable | | 2024-08-06 14:32:24 |
| CentOS 7 ELS | php | 5.4.16 | 5.3 | MEDIUM | Not Vulnerable | | 2024-08-06 14:32:23 |
| CentOS 8.4 ELS | php | 7.4.6 | 5.3 | MEDIUM | Released | CLSA-2024:1718897857 | 2024-06-20 14:19:58 |
| CentOS 8.5 ELS | php | 7.4.19 | 5.3 | MEDIUM | Released | CLSA-2024:1721207165 | 2024-07-17 05:38:07 |
| CentOS Stream 8 ELS | php | 7.2.24 | 5.3 | MEDIUM | In Testing | | 2024-07-31 17:33:21 |
| CloudLinux 6 ELS | php | 5.3.3 | 5.3 | MEDIUM | Not Vulnerable | | 2024-08-06 14:32:23 |
| CloudLinux 7 ELS | php | 5.4.16 | 5.3 | MEDIUM | Ignored | | 2024-07-22 12:05:50 |
| Oracle Linux 6 ELS | php | 5.3.3 | 5.3 | MEDIUM | Not Vulnerable | | 2024-08-06 14:32:23 |
| Ubuntu 16.04 ELS | php | 7.0.33 | 5.3 | MEDIUM | Released | CLSA-2024:1718789388 | 2024-06-19 10:09:27 |
| Ubuntu 18.04 ELS | php | 7.2.24-0 | 5.3 | MEDIUM | Released | CLSA-2024:1718789955 | 2024-06-19 10:09:30 |