In PHP versionsĀ 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLsĀ (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: php
Published: 2024-06-09T18:26:28.804Z
Updated: 2024-08-01T21:11:12.787Z
Reserved: 2024-05-29T00:23:37.703Z
Link: CVE-2024-5458
Vulnrichment
Updated: 2024-08-01T21:11:12.787Z
NVD
Status : Modified
Published: 2024-06-09T19:15:52.397
Modified: 2024-07-28T14:15:10.873
Link: CVE-2024-5458
Redhat