admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-21707 for PHP

Browse Source
This commit is contained in:
Stanislav Malyshev 2021-11-28 22:19:15 -08:00
parent 4cc233ebfe
commit b6e63357e7
1 changed files with 95 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
2021/21xxx/CVE-2021-21707.json
View File

@ -1,18 +1,107 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@php.net",
"DATE_PUBLIC": "2021-11-15T15:31:00.000Z",
"ID": "CVE-2021-21707",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Special characters break path parsing in XML functions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHP",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "7.3.x",
"version_value": "7.3.33"
},
{
"version_affected": "<",
"version_name": "7.4.x",
"version_value": "7.4.26"
},
{
"version_affected": "<",
"version_name": "8.0.X",
"version_value": "8.0.13"
}
]
}
}
]
},
"vendor_name": "PHP Group"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by rawataman6525 at gmail dot com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended. "
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-159 Failure to Sanitize Special Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=79971"
}
]
},
"source": {
"advisory": "https://bugs.php.net/bug.php?id=79971",
"defect": [
"https://bugs.php.net/bug.php?id=79971"
],
"discovery": "EXTERNAL"
}
}