{"containers": {"cna": {"affected": [{"product": "PHP", "vendor": "PHP Group", "versions": [{"lessThan": "7.3.29", "status": "affected", "version": "7.3.x", "versionType": "custom"}, {"lessThan": "7.4.21", "status": "affected", "version": "7.4.x", "versionType": "custom"}, {"lessThan": "8.0.8", "status": "affected", "version": "8.0.X", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "reported by vi at hackberry dot xyz"}], "datePublic": "2021-06-28T00:00:00", "descriptions": [{"lang": "en", "value": "In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-29T16:06:48", "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.php.net/bug.php?id=81122"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20211029-0006/"}, {"name": "GLSA-202209-20", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202209-20"}], "source": {"defect": ["https://bugs.php.net/bug.php?id=81122"], "discovery": "EXTERNAL"}, "title": "Incorrect URL validation in FILTER_VALIDATE_URL", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@php.net", "DATE_PUBLIC": "2021-06-28T11:41:00.000Z", "ID": "CVE-2021-21705", "STATE": "PUBLIC", "TITLE": "Incorrect URL validation in FILTER_VALIDATE_URL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PHP", "version": {"version_data": [{"version_affected": "<", "version_name": "7.3.x", "version_value": "7.3.29"}, {"version_affected": "<", "version_name": "7.4.x", "version_value": "7.4.21"}, {"version_affected": "<", "version_name": "8.0.X", "version_value": "8.0.8"}]}}]}, "vendor_name": "PHP Group"}]}}, "credit": [{"lang": "eng", "value": "reported by vi at hackberry dot xyz"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://bugs.php.net/bug.php?id=81122", "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=81122"}, {"name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"name": "https://security.netapp.com/advisory/ntap-20211029-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211029-0006/"}, {"name": "GLSA-202209-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-20"}]}, "source": {"defect": ["https://bugs.php.net/bug.php?id=81122"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:23:29.387Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.php.net/bug.php?id=81122"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20211029-0006/"}, {"name": "GLSA-202209-20", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202209-20"}]}]}, "cveMetadata": {"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "assignerShortName": "php", "cveId": "CVE-2021-21705", "datePublished": "2021-10-04T04:00:15.654508Z", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-09-17T04:09:29.556Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "82BE8E00-14C8-415D-9FDC-7E77C455097D", "versionEndExcluding": "7.3.29", "versionStartIncluding": "7.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "C48354D3-01BE-417B-916B-CCB7639C9BA2", "versionEndExcluding": "7.4.21", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "08BF11AE-E859-4498-AA46-72689B4BE396", "versionEndExcluding": "8.0.8", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "667A06DE-E173-406F-94DA-1FE64BCFAE18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision."}, {"lang": "es", "value": "En PHP versiones 7.3.x por debajo de 7.3.29, 7.4.x por debajo de 7.4.21 y 8.0.x por debajo de 8.0.8, cuando es usada la funcionalidad URL validation por medio de la funci\u00f3n filter_var() con el par\u00e1metro FILTER_VALIDATE_URL, una URL con un campo de contrase\u00f1a no v\u00e1lido puede ser aceptada como v\u00e1lida. Esto puede conllevar a que el c\u00f3digo analice incorrectamente la URL y potencialmente conlleve a otras implicaciones de seguridad - como contactar con un servidor equivocado o tomar una decisi\u00f3n de acceso err\u00f3nea"}], "id": "CVE-2021-21705", "lastModified": "2024-11-21T05:48:52.327", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@php.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-04T04:15:08.210", "references": [{"source": "security@php.net", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=81122"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202209-20"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20211029-0006/"}, {"source": "security@php.net", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=81122"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202209-20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20211029-0006/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@php.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:1935", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "php:7.4-8060020220120080432.0a326c83", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-05-10T00:00:00Z"}, {"advisory": "RHSA-2021:2992", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php73-php-0:7.3.29-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2021-08-03T00:00:00Z"}, {"advisory": "RHSA-2021:2992", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php73-php-0:7.3.29-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2021-08-03T00:00:00Z"}], "bugzilla": {"description": "php: SSRF bypass in FILTER_VALIDATE_URL", "id": "1978755", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1978755"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-20->CWE-918", "details": ["In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.", "A flaw was found in php. Currently, php's FILTER_VALIDATE_URL check doesn't recognize some non-compliant RFC 3986 URLs and returns them as valid. This flaw allows an attacker to craft URLs, which depending on how the URL filter checking is used on the application side, lead to Server Side Request Forgery. This issue presents an integrity risk for the application, as eventually, the attacker can manipulate resources that shouldn't be fully available for users."], "name": "CVE-2021-21705", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "php:7.3/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-07-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-21705\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21705\nhttps://bugs.php.net/bug.php?id=81122"], "threat_severity": "Moderate"}