CVE-2021-21705 in SD-WAN Awarethông tin

Tóm tắt

Bởi MITRE • 04/10/2021

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

PHP Group

Đặt trước

04/01/2021

Tiết lộ

04/10/2021

Kiểm duyệt

được chấp nhận

mục

Liên hệ

hiển thị

CPE

sẵn sàng

CWE

CWE-20 (Đã xác nhận)

CVSS

5.3 (NVD)

EPSS

0.00294

KEV

không

Các hoạt động

rất thấp

ngành

Hospital, Energy, ...

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2021-21705
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-21705
CVE Details	https://www.cvedetails.com/cve/CVE-2021-21705/

◂ Trước Tổng Quan Tiếp theo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!