CVE-2021-21705

Description

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when URL validation is performed via the filter_var() function with the FILTER_VALIDATE_URL flag, a URL with an invalid password field can be accepted as valid. This can cause code to parse the URL incorrectly, with potential security consequences such as contacting the wrong server or making a wrong access-control decision.

Risk Information

Base Score: 5.3 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score (Exploitation Probability): 0.294

Associated Vulnerability

Vulnerability | OS Platform
php7.3 security update (DSA-4935-1) php7.3_7.3.29-1~deb10u1_all.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.2-cgi_7.2.24-0ubuntu0.18.04.8_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.2-cgi_7.2.24-0ubuntu0.18.04.8_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.2-cli_7.2.24-0ubuntu0.18.04.8_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.2-cli_7.2.24-0ubuntu0.18.04.8_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.2-fpm_7.2.24-0ubuntu0.18.04.8_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.2-fpm_7.2.24-0ubuntu0.18.04.8_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-cgi_7.4.3-4ubuntu2.5_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-cgi_7.4.3-4ubuntu2.5_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-cgi_7.4.9-1ubuntu1.2_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-cgi_7.4.9-1ubuntu1.2_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-cgi_7.4.16-1ubuntu2.1_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-cgi_7.4.16-1ubuntu2.1_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-cli_7.4.3-4ubuntu2.5_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-cli_7.4.3-4ubuntu2.5_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-cli_7.4.9-1ubuntu1.2_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-cli_7.4.9-1ubuntu1.2_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-cli_7.4.16-1ubuntu2.1_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-cli_7.4.16-1ubuntu2.1_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-fpm_7.4.3-4ubuntu2.5_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-fpm_7.4.3-4ubuntu2.5_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-fpm_7.4.9-1ubuntu1.2_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-fpm_7.4.9-1ubuntu1.2_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-fpm_7.4.16-1ubuntu2.1_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) php7.4-fpm_7.4.16-1ubuntu2.1_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) libapache2-mod-php7.2_7.2.24-0ubuntu0.18.04.8_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) libapache2-mod-php7.2_7.2.24-0ubuntu0.18.04.8_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) libapache2-mod-php7.4_7.4.3-4ubuntu2.5_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) libapache2-mod-php7.4_7.4.3-4ubuntu2.5_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) libapache2-mod-php7.4_7.4.9-1ubuntu1.2_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) libapache2-mod-php7.4_7.4.9-1ubuntu1.2_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) libapache2-mod-php7.4_7.4.16-1ubuntu2.1_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-5006-1) libapache2-mod-php7.4_7.4.16-1ubuntu2.1_amd64.deb | Linux
(RHSA-2022:1935) php:7.4 security update apcu-panel-5.1.18-1.module+el8.3.0+6678+b09f589e.noarch.rpm | Linux
(RHSA-2022:1935) php:7.4 security update libzip-debugsource-1.6.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update libzip-devel-1.6.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update libzip-tools-1.6.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-bcmath-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-cli-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-common-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-dba-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-dbg-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-debugsource-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-devel-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-embedded-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-enchant-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-ffi-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-fpm-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-gd-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-gmp-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-intl-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-ldap-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-mbstring-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-mysqlnd-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-odbc-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-opcache-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-pdo-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-pecl-apcu-debugsource-5.1.18-1.module+el8.3.0+6678+b09f589e.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-pecl-apcu-devel-5.1.18-1.module+el8.3.0+6678+b09f589e.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-pecl-rrd-2.0.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-pecl-rrd-debugsource-2.0.1-1.module+el8.3.0+6678+b09f589e.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-pecl-xdebug-2.9.5-1.module+el8.3.0+6678+b09f589e.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-pecl-xdebug-debugsource-2.9.5-1.module+el8.3.0+6678+b09f589e.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-pecl-zip-debugsource-1.18.2-1.module+el8.3.0+6678+b09f589e.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-pgsql-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-process-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-snmp-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-soap-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-xml-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
(RHSA-2022:1935) php:7.4 security update php-xmlrpc-7.4.19-2.module+el8.6.0+13953+0a59ce9f.x86_64.rpm | Linux
Apcu-panel update (ELSA-2023-2903) apcu-panel-5.1.18-1.module+el8.3.0+7685+72d70b58.noarch.rpm | Linux
Libzip update (ELSA-2023-2903) libzip-1.6.1-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux
Libzip-devel update (ELSA-2023-2903) libzip-devel-1.6.1-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux
Libzip-tools update (ELSA-2023-2903) libzip-tools-1.6.1-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux
Php update (ELSA-2023-2903) php-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-bcmath update (ELSA-2023-2903) php-bcmath-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-cli update (ELSA-2023-2903) php-cli-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-common update (ELSA-2023-2903) php-common-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-dba update (ELSA-2023-2903) php-dba-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-dbg update (ELSA-2023-2903) php-dbg-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-devel update (ELSA-2023-2903) php-devel-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-embedded update (ELSA-2023-2903) php-embedded-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-enchant update (ELSA-2023-2903) php-enchant-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-ffi update (ELSA-2023-2903) php-ffi-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-fpm update (ELSA-2023-2903) php-fpm-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-gd update (ELSA-2023-2903) php-gd-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-gmp update (ELSA-2023-2903) php-gmp-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-intl update (ELSA-2023-2903) php-intl-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-json update (ELSA-2023-2903) php-json-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-ldap update (ELSA-2023-2903) php-ldap-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-mbstring update (ELSA-2023-2903) php-mbstring-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-mysqlnd update (ELSA-2023-2903) php-mysqlnd-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-odbc update (ELSA-2023-2903) php-odbc-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-opcache update (ELSA-2023-2903) php-opcache-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-pdo update (ELSA-2023-2903) php-pdo-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-pear update (ELSA-2023-2903) php-pear-1.10.13-1.module+el8.7.0+20800+8e29b882.noarch.rpm | Linux
Php-pecl-apcu update (ELSA-2023-2903) php-pecl-apcu-5.1.18-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux
Php-pecl-apcu-devel update (ELSA-2023-2903) php-pecl-apcu-devel-5.1.18-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux
Php-pecl-rrd update (ELSA-2023-2903) php-pecl-rrd-2.0.1-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux
Php-pecl-xdebug update (ELSA-2023-2903) php-pecl-xdebug-2.9.5-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux
Php-pecl-zip update (ELSA-2023-2903) php-pecl-zip-1.18.2-1.module+el8.3.0+7685+72d70b58.x86_64.rpm | Linux
Php-pgsql update (ELSA-2023-2903) php-pgsql-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-process update (ELSA-2023-2903) php-process-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-snmp update (ELSA-2023-2903) php-snmp-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-soap update (ELSA-2023-2903) php-soap-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-xml update (ELSA-2023-2903) php-xml-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
Php-xmlrpc update (ELSA-2023-2903) php-xmlrpc-7.4.33-1.module+el8.8.0+20974+ef7eddfa.x86_64.rpm | Linux
SUSE-SU-2021:2637-1 (SUSE Linux Enterprise Module for Web Scripting 15-SP3) php7-7.4.6-3.22.1.x86_64.rpm | Linux
SUSE-SU-2021:2637-1 (SUSE Linux Enterprise Module for Web Scripting 15-SP3) php7-debuginfo-7.4.6-3.22.1.x86_64.rpm | Linux
Improper Input Validation Vulnerability (CVE-2021-21705) | NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2021-21705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21705