Amazon Linux 2 : php (ALASPHP8.2-2024-005)
Description

The version of php installed on the remote host is prior to 8.2.23-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2PHP8.2-2024-005 advisory.

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8, a code logic error causes filtering functions such as filter_var, when validating URLs (FILTER_VALIDATE_URL), to treat invalid user information (the username + password part of a URL) as valid user information for certain types of URLs. This may lead to downstream code accepting invalid URLs as valid and parsing them incorrectly. (CVE-2024-5458)

Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…
