CVE-2021-21705 in SD-WAN Awareinformação

Sumário

de MITRE • 04/10/2021

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

PHP Group

Reservar

04/01/2021

Divulgação

04/10/2021

Moderação

aceite

Entrada

Relacionar

mostrar

CPE

pronto

CWE

CWE-20 (confirmado)

CVSS

5.3 (NVD)

EPSS

0.00294

KEV

não

Atividades

muito baixo

Sector

Telecommunication, Transportation, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2021-21705
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-21705
CVE Details	https://www.cvedetails.com/cve/CVE-2021-21705/

◂ Voltar Visão Geral Próximo ▸

Do you know our Splunk app?

Download it now for free!