CVE-2024-5458 Information

Description

In PHP versions 8.1. before 8.1.29 8.2. before 8.2.20 8.3. before 8.3.8 due to a code logic error filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.

Reference

https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w