ghsa-grxx-qh3p-vx7g
Vulnerability from github
Published
2022-05-24 17:42
Modified
2022-08-29 20:06
Severity
Details
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.
{
"affected": [],
"aliases": [
"CVE-2020-7071"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-15T04:15:00Z",
"severity": "MODERATE"
},
"details": "In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.",
"id": "GHSA-grxx-qh3p-vx7g",
"modified": "2022-08-29T20:06:46Z",
"published": "2022-05-24T17:42:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7071"
},
{
"type": "WEB",
"url": "https://bugs.php.net/bug.php?id=77423"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202105-23"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210312-0005"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4856"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Loading...