Hide Forgot
A security issue was found in the php_url_parse_ex() function in PHP, which leads to FILTER_VALIDATE_URL accepting URLs with invalid userinfo Reference: https://bugs.php.net/bug.php?id=77423
Created php tracking bugs for this issue: Affects: fedora-all [bug 1913847]
PHP 7.3.26 includes a fix https://github.com/php/php-src/commit/2d3d72412a6734e19a38ed10f385227a6238e4a6 But this fix introduces a BC break and have been reverted and a new fix applied https://github.com/php/php-src/commit/4a89e726bd4d0571991dc22a9a1ad4509e8fe347 https://github.com/php/php-src/commit/9c673083cd46ee2a954a62156acbe4b6e657c048 Will be part of upcoming 7.3.27
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2021:2992 https://access.redhat.com/errata/RHSA-2021:2992
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-7071
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4213 https://access.redhat.com/errata/RHSA-2021:4213