CVE-2021-21705 in SD-WAN Awareinformación

Resumen

por MITRE • 2021-10-04

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

PHP Group

Reservar

2021-01-04

Divulgación

2021-10-04

Moderación

aceptado

Artículo

Relacionar

mostrar

CPE

listo

CWE

CWE-20 (confirmado)

CVSS

5.3 (NVD)

EPSS

0.00294

KEV

Actividades

muy bajo

Sector

Pharma, Industry, ...

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2021-21705
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-21705
CVE Details	https://www.cvedetails.com/cve/CVE-2021-21705/

◂ Anterior Visión De Conjunto Próximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!