In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.
History

Thu, 12 Dec 2024 02:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:8
cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

cve-icon MITRE

Status: PUBLISHED

Assigner: php

Published: 2024-06-09T18:26:28.804Z

Updated: 2024-08-01T21:11:12.787Z

Reserved: 2024-05-29T00:23:37.703Z

Link: CVE-2024-5458

cve-icon Vulnrichment

Updated: 2024-08-01T21:11:12.787Z

cve-icon NVD

Status : Modified

Published: 2024-06-09T19:15:52.397

Modified: 2024-11-21T09:47:43.413

Link: CVE-2024-5458

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-10-21T00:00:00Z

Links: CVE-2024-5458 - Bugzilla