{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-21707", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "assignerShortName": "php", "datePublished": "2021-11-29T06:25:08.814960Z", "dateUpdated": "2024-09-17T03:38:22.394Z", "dateReserved": "2021-01-04T00:00:00"}, "containers": {"cna": {"title": "Special characters break path parsing in XML functions", "datePublic": "2021-11-15T00:00:00", "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2022-12-15T00:00:00"}, "descriptions": [{"lang": "en", "value": "In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended."}], "affected": [{"vendor": "PHP Group", "product": "PHP", "versions": [{"version": "7.3.x", "status": "affected", "lessThan": "7.3.33", "versionType": "custom"}, {"version": "7.4.x", "status": "affected", "lessThan": "7.4.26", "versionType": "custom"}, {"version": "8.0.X", "status": "affected", "lessThan": "8.0.13", "versionType": "custom"}]}], "references": [{"url": "https://bugs.php.net/bug.php?id=79971"}, {"url": "https://security.netapp.com/advisory/ntap-20211223-0005/"}, {"name": "DSA-5082", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5082"}, {"url": "https://www.tenable.com/security/tns-2022-09"}, {"name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html"}], "credits": [{"lang": "en", "value": "Reported by rawataman6525 at gmail dot com"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-159 Failure to Sanitize Special Element", "cweId": "CWE-159"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "https://bugs.php.net/bug.php?id=79971", "defect": ["https://bugs.php.net/bug.php?id=79971"], "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:23:28.471Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugs.php.net/bug.php?id=79971", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20211223-0005/", "tags": ["x_transferred"]}, {"name": "DSA-5082", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5082"}, {"url": "https://www.tenable.com/security/tns-2022-09", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "C87BA6C9-B0C3-4039-8F77-C310B1879FA5", "versionEndExcluding": "7.3.33", "versionStartIncluding": "7.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "83EEF959-AE5C-43C0-AF21-535B813E5DC6", "versionEndExcluding": "7.4.26", "versionStartIncluding": "7.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "matchCriteriaId": "60FBEAE8-F094-420B-8282-AFC3C33ABF28", "versionEndExcluding": "8.0.13", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAB9A41F-91F1-40DF-BF12-6ADA7229A84C", "versionEndExcluding": "5.21.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended."}, {"lang": "es", "value": "En PHP versiones 7.3.x anteriores a 7.3.33, 7.4.x anteriores a 7.4.26 y 8.0.x anteriores a 8.0.13, determinadas funciones de an\u00e1lisis de XML, como simplexml_load_file(), decodifican el nombre de archivo que les es pasado. Si ese nombre de archivo contiene un car\u00e1cter NUL codificado en la URL, esto puede causar que la funci\u00f3n lo interprete como el final del nombre de archivo, interpretando as\u00ed el nombre de archivo de forma diferente a la que el usuario pretend\u00eda, lo que puede conllevar a una lectura de un archivo diferente al deseado"}], "id": "CVE-2021-21707", "lastModified": "2023-02-16T03:07:25.807", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@php.net", "type": "Secondary"}]}, "published": "2021-11-29T07:15:06.397", "references": [{"source": "security@php.net", "tags": ["Exploit", "Issue Tracking", "Patch", "Release Notes", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=79971"}, {"source": "security@php.net", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20211223-0005/"}, {"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5082"}, {"source": "security@php.net", "tags": ["Patch", "Release Notes", "Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2022-09"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-159"}], "source": "security@php.net", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:7628", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "php:7.4-8070020220707122009.afd00e68", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-11-08T00:00:00Z"}, {"advisory": "RHSA-2022:5491", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-php73-php-0:7.3.33-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2022-07-04T00:00:00Z"}], "bugzilla": {"description": "php: Special character breaks path in xml parsing", "id": "2026045", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026045"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.", "A flaw was found in php. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup Language(XML) entity. A special character could allow an attacker to traverse directories. The highest threat from this vulnerability is confidentiality."], "name": "CVE-2021-21707", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "php:7.3/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-11-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-21707\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21707"], "threat_severity": "Moderate", "upstream_fix": "php-8.1.0 php-7.3.33"}