admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-11-29 07:01:16 +00:00
parent c003762399
commit 503918b2cb
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2021/21xxx/CVE-2021-21707.json
View File

@ -54,7 +54,7 @@
"description_data": [
{
"lang": "eng",
"value": "In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended. "
"value": "In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended."
}
]
},
@ -92,8 +92,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=79971"
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=79971",
"name": "https://bugs.php.net/bug.php?id=79971"
}
]
},