漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Filter bypass in filter_var (FILTER_VALIDATE_URL)
Vulnerability Description
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
PHP 安全漏洞
Vulnerability Description
PHP是一种在服务器端执行的脚本语言。 PHP存在安全漏洞,该漏洞源于代码逻辑错误,过滤函数验证URLs时,对于某些类型的URL,函数会错误地将包含用户名和密码部分的无效用户信息视为有效用户信息。以下版本受到影响:8.1至8.1.29之前版本,8.3至8.3.8之前版本,8.2至8.2.20之前版本。
CVSS Information
N/A
Vulnerability Type
N/A