Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-21705

Опубликовано: 04 окт. 2021
Источник: nvd
CVSS3: 4.3
CVSS3: 5.3
CVSS2: 5
EPSS Низкий

Описание

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 7.3.0 (включая) до 7.3.29 (исключая)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 7.4.0 (включая) до 7.4.21 (исключая)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 8.0.0 (включая) до 8.0.8 (исключая)
Конфигурация 2
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*

EPSS

Процентиль: 54%
0.0032
Низкий

4.3 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20
CWE-20

Связанные уязвимости

CVSS3: 4.3
ubuntu
почти 4 года назад

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.

CVSS3: 5.3
redhat
около 4 лет назад

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.

CVSS3: 4.3
debian
почти 4 года назад

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below ...

suse-cvrf
около 4 лет назад

Security update for php7

suse-cvrf
около 4 лет назад

Security update for php72

EPSS

Процентиль: 54%
0.0032
Низкий

4.3 Medium

CVSS3

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-20
CWE-20