CVE-2021-21705
04.10.2021, 04:15
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.Enginsight
| Vendor | Product | Version |
|---|---|---|
| php | php | 7.3.0 ≤ 𝑥 < 7.3.29 |
| php | php | 7.4.0 ≤ 𝑥 < 7.4.21 |
| php | php | 8.0.0 ≤ 𝑥 < 8.0.8 |
| netapp | clustered_data_ontap | - |
| oracle | sd-wan_aware | 8.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| php5 |
| ||||||||||||||||
| php7.0 |
| ||||||||||||||||
| php7.2 |
| ||||||||||||||||
| php7.4 |
| ||||||||||||||||
| php8.0 |
| ||||||||||||||||
| php8.1 |
|
Common Weakness Enumeration
References