Описание
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | php | Out of support scope | ||
| Red Hat Enterprise Linux 7 | php | Will not fix | ||
| Red Hat Enterprise Linux 8 | php:7.2/php | Will not fix | ||
| Red Hat Enterprise Linux 8 | php:7.3/php | Will not fix | ||
| Red Hat Enterprise Linux 9 | php | Not affected | ||
| Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2021:4213 | 09.11.2021 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-php73-php | Fixed | RHSA-2021:2992 | 03.08.2021 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-php73-php | Fixed | RHSA-2021:2992 | 03.08.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when ...
EPSS
5.3 Medium
CVSS3