{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-5458", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "state": "PUBLISHED", "assignerShortName": "php", "dateReserved": "2024-05-29T00:23:37.703Z", "datePublished": "2024-06-09T18:26:28.804Z", "dateUpdated": "2025-03-14T14:13:20.514Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "modules": ["filter"], "product": "PHP", "programFiles": ["ext/filter/logical_filters.c"], "repo": "https://github.com/php/php-src", "vendor": "PHP Group", "versions": [{"lessThan": "8.1.29", "status": "affected", "version": "8.1.*", "versionType": "semver"}, {"lessThan": "8.2.20", "status": "affected", "version": "8.2.*", "versionType": "semver"}, {"lessThan": "8.3.8", "status": "affected", "version": "8.3.*", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "c01l"}], "datePublic": "2024-06-09T18:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In PHP versions<span style=\"background-color: var(--wht);\">&nbsp;8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs&nbsp;</span><span style=\"background-color: var(--wht);\">(FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.&nbsp;</span><span style=\"background-color: var(--wht);\"><br><br></span>"}], "value": "In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs\u00a0(FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2024-07-28T14:05:58.895Z"}, "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w"}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/07/1"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00009.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240726-0001/"}], "source": {"advisory": "GHSA-w8qr-v226-r27w", "discovery": "EXTERNAL"}, "title": "Filter bypass in filter_var (FILTER_VALIDATE_URL)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-345", "lang": "en", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "affected": [{"vendor": "php", "product": "php", "cpes": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "defaultStatus": "affected", "versions": [{"version": "7.3.27", "status": "affected", "lessThanOrEqual": "7.3.33", "versionType": "semver"}, {"version": "7.4.15", "status": "affected", "lessThanOrEqual": "7.4.33", "versionType": "semver"}, {"version": "8.0.2", "status": "affected", "lessThanOrEqual": "8.0.30", "versionType": "semver"}, {"version": "8.1.0", "status": "affected", "lessThan": "8.1.29", "versionType": "semver"}, {"version": "8.2.0", "status": "affected", "lessThan": "8.2.20", "versionType": "semver"}, {"version": "8.3.0", "status": "affected", "lessThan": "8.3.8", "versionType": "semver"}]}, {"vendor": "fedoraproject", "product": "fedora", "cpes": ["cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "40", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-10T19:55:47.057816Z", "id": "CVE-2024-5458", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T14:13:20.514Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:11:12.787Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/07/1", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00009.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240726-0001/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/07/1", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00009.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240726-0001/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:11:12.787Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5458", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-10T19:55:47.057816Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "vendor": "php", "product": "php", "versions": [{"status": "affected", "version": "7.3.27", "versionType": "semver", "lessThanOrEqual": "7.3.33"}, {"status": "affected", "version": "7.4.15", "versionType": "semver", "lessThanOrEqual": "7.4.33"}, {"status": "affected", "version": "8.0.2", "versionType": "semver", "lessThanOrEqual": "8.0.30"}, {"status": "affected", "version": "8.1.0", "lessThan": "8.1.29", "versionType": "semver"}, {"status": "affected", "version": "8.2.0", "lessThan": "8.2.20", "versionType": "semver"}, {"status": "affected", "version": "8.3.0", "lessThan": "8.3.8", "versionType": "semver"}], "defaultStatus": "affected"}, {"cpes": ["cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "40"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T20:03:56.739Z"}}], "cna": {"title": "Filter bypass in filter_var (FILTER_VALIDATE_URL)", "source": {"advisory": "GHSA-w8qr-v226-r27w", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "c01l"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/php/php-src", "vendor": "PHP Group", "modules": ["filter"], "product": "PHP", "versions": [{"status": "affected", "version": "8.1.*", "lessThan": "8.1.29", "versionType": "semver"}, {"status": "affected", "version": "8.2.*", "lessThan": "8.2.20", "versionType": "semver"}, {"status": "affected", "version": "8.3.*", "lessThan": "8.3.8", "versionType": "semver"}], "programFiles": ["ext/filter/logical_filters.c"], "defaultStatus": "affected"}], "datePublic": "2024-06-09T18:00:00.000Z", "references": [{"url": "https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w"}, {"url": "http://www.openwall.com/lists/oss-security/2024/06/07/1"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00009.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240726-0001/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs\u00a0(FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.", "supportingMedia": [{"type": "text/html", "value": "In PHP versions<span style=\"background-color: var(--wht);\">&nbsp;8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs&nbsp;</span><span style=\"background-color: var(--wht);\">(FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.&nbsp;</span><span style=\"background-color: var(--wht);\"><br><br></span>", "base64": false}]}], "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2024-07-28T14:05:58.895Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5458", "state": "PUBLISHED", "dateUpdated": "2025-03-14T14:13:20.514Z", "dateReserved": "2024-05-29T00:23:37.703Z", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "datePublished": "2024-06-09T18:26:28.804Z", "assignerShortName": "php"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "8703A80A-44D8-4615-A849-61526B187D73", "versionEndIncluding": "7.3.33", "versionStartIncluding": "7.3.27", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "C937E1A7-44CC-4CA3-815C-0E8709EB393E", "versionEndIncluding": "7.4.33", "versionStartIncluding": "7.4.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0FA45C5-498B-4160-9CA3-F0A6533ECDFA", "versionEndIncluding": "8.0.30", "versionStartIncluding": "8.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DC2EEF8-834B-42A1-8DA3-0C2CF22A7070", "versionEndExcluding": "8.1.29", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "A39988FF-D854-4277-9D66-6911AF371DD3", "versionEndExcluding": "8.2.20", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "F579FFC1-4F81-4755-B14B-3AA73AC9FF7A", "versionEndExcluding": "8.3.8", "versionStartIncluding": "8.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs\u00a0(FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly."}, {"lang": "es", "value": "En las versiones de PHP 8.1.* anteriores a 8.1.29, 8.2.* anteriores a 8.2.20, 8.3.* anteriores a 8.3.8, debido a un error de l\u00f3gica de c\u00f3digo, funciones de filtrado como filter_var al validar URL (FILTER_VALIDATE_URL) para ciertos tipos de URL la funci\u00f3n dar\u00e1 como resultado que la informaci\u00f3n de usuario no v\u00e1lida (nombre de usuario + contrase\u00f1a parte de las URL) se trate como informaci\u00f3n de usuario v\u00e1lida. Esto puede hacer que el c\u00f3digo posterior acepte URL no v\u00e1lidas como v\u00e1lidas y las analice incorrectamente."}], "id": "CVE-2024-5458", "lastModified": "2025-03-14T15:15:44.633", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@php.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-09T19:15:52.397", "references": [{"source": "security@php.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1"}, {"source": "security@php.net", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w"}, {"source": "security@php.net", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00009.html"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"}, {"source": "security@php.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"}, {"source": "security@php.net", "url": "https://security.netapp.com/advisory/ntap-20240726-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00009.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240726-0001/"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-345"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:10951", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "php:8.2-8100020241112130045.f7998665", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-12-11T00:00:00Z"}, {"advisory": "RHSA-2024:10952", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "php:7.4-8100020241113075828.f7998665", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-12-11T00:00:00Z"}, {"advisory": "RHSA-2024:10949", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "php:8.2-9050020241112094217.9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-12-11T00:00:00Z"}, {"advisory": "RHSA-2024:10950", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "php:8.1-9050020241112144108.9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-12-11T00:00:00Z"}], "bugzilla": {"description": "php: Filter bypass in filter_var (FILTER_VALIDATE_URL)", "id": "2291252", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2291252"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs\u00a0(FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-5458", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "php:8.0/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "php", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-5458\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-5458\nhttps://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w"], "statement": "This flaw in PHP's filter_var function with FILTER_VALIDATE_URL constitutes a moderate severity issue because, while it allows URLs with invalid user information to be treated as valid, it does not directly facilitate immediate security breaches or exploits on its own. The impact is limited to cases where applications rely solely on this function for URL validation without additional checks, potentially leading to improper handling of user credentials. However, the flaw does not compromise the overall integrity of the PHP interpreter, nor does it inherently lead to data corruption or system crashes. Its exploitation requires specific conditions and contexts, making it less critical than high-severity vulnerabilities that enable direct remote code execution or privilege escalation.", "threat_severity": "Moderate"}