In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.
Metrics
Affected Vendors & Products
References
History
Thu, 12 Dec 2024 02:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux |
MITRE
Status: PUBLISHED
Assigner: php
Published: 2024-06-09T18:26:28.804Z
Updated: 2024-08-01T21:11:12.787Z
Reserved: 2024-05-29T00:23:37.703Z
Link: CVE-2024-5458
Vulnrichment
Updated: 2024-08-01T21:11:12.787Z
NVD
Status : Modified
Published: 2024-06-09T19:15:52.397
Modified: 2024-11-21T09:47:43.413
Link: CVE-2024-5458
Redhat