In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8, a code logic error in filtering functions such as filter_var causes URL validation (FILTER_VALIDATE_URL) to treat invalid user information (the username + password part of a URL) as valid user information for certain types of URLs. This may lead to downstream code accepting invalid URLs as valid and parsing them incorrectly.
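For code that still has to run on an affected release, the following defence-in-depth sketch is an added example, not code from PHP or from this advisory. It flags affected version numbers using the ranges above and re-checks the userinfo part independently of filter_var; the helper names `isAffectedPhpVersion` and `validateUrlStrict` and the sample URLs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Fixed release per branch, taken from the advisory text above.
const FIXED_RELEASES = ['8.1' => '8.1.29', '8.2' => '8.2.20', '8.3' => '8.3.8'];

// Hypothetical helper: true when $version is in a range the advisory lists.
// Distribution packages may backport the fix without changing this number.
function isAffectedPhpVersion(string $version): bool
{
    if (!preg_match('/^(\d+\.\d+)\.\d+/', $version, $m)) {
        return false; // unrecognised version string, cannot decide
    }
    $fixed = FIXED_RELEASES[$m[1]] ?? null;
    return $fixed !== null && version_compare($m[0], $fixed, '<');
}

// Hypothetical helper: filter_var() must accept the URL, and the userinfo,
// re-extracted independently, must be absent (default) or RFC 3986 conformant.
// URLs without a "//" authority (mailto: and similar) are rejected by design.
function validateUrlStrict(string $url, bool $allowUserinfo = false): bool
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    // Authority is the text between "//" and the first "/", "?" or "#".
    if (!preg_match('~^[a-z][a-z0-9+.-]*://([^/?#]*)~i', $url, $m)) {
        return false;
    }
    $at = strrpos($m[1], '@');
    if ($at === false) {
        return true; // no userinfo present
    }
    if (!$allowUserinfo) {
        return false; // strictest policy: credentials in URLs are refused
    }
    // userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
    $userinfo = substr($m[1], 0, $at);
    return preg_match('/^(?:[A-Za-z0-9._~!$&\'()*+,;=:-]|%[0-9A-Fa-f]{2})*$/', $userinfo) === 1;
}

// Constructed sample inputs, not taken from the advisory.
$samples = ['https://example.com/a?b=1', 'https://user:pw@example.com/', 'mailto:a@example.com'];
printf("PHP %s affected by version number: %s\n", PHP_VERSION, var_export(isAffectedPhpVersion(PHP_VERSION), true));
foreach ($samples as $url) {
    printf("%-32s default=%s withUserinfo=%s\n", $url,
        var_export(validateUrlStrict($url), true), var_export(validateUrlStrict($url, true), true));
}
```

Upgrading to a fixed release remains the actual remedy; the wrapper only narrows what downstream parsing code is handed in the meantime.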

MITRE

Status: PUBLISHED

Assigner: php

Published: 2024-06-09T18:26:28.804Z

Updated: 2024-08-01T21:11:12.787Z

Reserved: 2024-05-29T00:23:37.703Z

Link: CVE-2024-5458

Vulnrichment

Updated: 2024-08-01T21:11:12.787Z

NVD

Status: Modified

Published: 2024-06-09T19:15:52.397

Modified: 2024-07-28T14:15:10.873

Link: CVE-2024-5458

Redhat

Severity: Moderate

Public Date: 2022-10-21T00:00:00Z

Links: CVE-2024-5458 - Bugzilla