Описание
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.
Ссылки
- ExploitIssue TrackingVendor Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- ExploitIssue TrackingVendor Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
5.3 Medium
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when ...
EPSS
5.3 Medium
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2