CVE-2021-21705
Incorrect URL validation in FILTER_VALIDATE_URL
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.
En PHP versiones 7.3.x por debajo de 7.3.29, 7.4.x por debajo de 7.4.21 y 8.0.x por debajo de 8.0.8, cuando es usada la funcionalidad URL validation por medio de la función filter_var() con el parámetro FILTER_VALIDATE_URL, una URL con un campo de contraseña no válido puede ser aceptada como válida. Esto puede conllevar a que el código analice incorrectamente la URL y potencialmente conlleve a otras implicaciones de seguridad - como contactar con un servidor equivocado o tomar una decisión de acceso errónea
A flaw was found in php. Currently, php's FILTER_VALIDATE_URL check doesn't recognize some non-compliant RFC 3986 URLs and returns them as valid. This flaw allows an attacker to craft URLs, which depending on how the URL filter checking is used on the application side, lead to Server Side Request Forgery. This issue presents an integrity risk for the application, as eventually, the attacker can manipulate resources that shouldn't be fully available for users.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-04 CVE Reserved
- 2021-07-07 CVE Published
- 2024-03-13 EPSS Updated
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20211029-0006 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://bugs.php.net/bug.php?id=81122 | 2024-09-17 |
URL | Date | SRC |
---|---|---|
https://www.oracle.com/security-alerts/cpujan2022.html | 2022-10-29 |
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202209-20 | 2022-10-29 | |
https://access.redhat.com/security/cve/CVE-2021-21705 | 2022-05-10 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1978755 | 2022-05-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.3.0 < 7.3.29 Search vendor "Php" for product "Php" and version " >= 7.3.0 < 7.3.29" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.4.0 < 7.4.21 Search vendor "Php" for product "Php" and version " >= 7.4.0 < 7.4.21" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 8.0.0 < 8.0.8 Search vendor "Php" for product "Php" and version " >= 8.0.0 < 8.0.8" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap" | - | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Sd-wan Aware Search vendor "Oracle" for product "Sd-wan Aware" | 8.2 Search vendor "Oracle" for product "Sd-wan Aware" and version "8.2" | - |
Affected
|