Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-21707

Опубликовано: 29 нояб. 2021
Источник: nvd
CVSS3: 5.3
CVSS2: 5
EPSS Низкий

Описание

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 7.3.0 (включая) до 7.3.33 (исключая)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 7.4.0 (включая) до 7.4.26 (исключая)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Версия от 8.0.0 (включая) до 8.0.13 (исключая)
Конфигурация 2
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
Версия до 5.21.0 (исключая)

EPSS

Процентиль: 75%
0.00922
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-159
NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2021-21707

CVSS3: 5.3
ubuntu
больше 3 лет назад

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

redhat логотип

CVE-2021-21707

CVSS3: 5.3
redhat
больше 3 лет назад

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

debian логотип

CVE-2021-21707

CVSS3: 5.3
debian
больше 3 лет назад

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below ...

suse-cvrf логотип

SUSE-SU-2021:3927-1

suse-cvrf
больше 3 лет назад

Security update for php74

github логотип

GHSA-qh78-qfw9-93x9

CVSS3: 5.3
github
больше 3 лет назад

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

EPSS

Процентиль: 75%
0.00922
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-159
NVD-CWE-Other