CVE-2021-21708: potential RCE with filter_var(..., FILTER_VALIDATE_FLOAT)
Bug #1961820 reported by
Matt Coleman
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
php7.4 (Ubuntu) |
Fix Released
|
Undecided
|
Rodrigo Figueiredo Zaiden | ||
php8.0 (Ubuntu) |
Fix Released
|
Undecided
|
Rodrigo Figueiredo Zaiden |
Bug Description
This article was recently posted about a vulnerability with potential for RCE in PHP's FILTER_
https:/
It has been fixed in PHP 7.4.28.
Canonical has already documented the CVE and given it a "Medium" rating:
https:/
Red Hat gave it a 6.6 rating:
https:/
CVE References
information type: | Private Security → Public Security |
Changed in php7.4 (Ubuntu): | |
status: | Confirmed → In Progress |
assignee: | nobody → Rodrigo Figueiredo Zaiden (rodrigo-zaiden) |
Changed in php8.0 (Ubuntu): | |
assignee: | nobody → Rodrigo Figueiredo Zaiden (rodrigo-zaiden) |
status: | New → In Progress |
To post a comment you must log in.
Status changed to 'Confirmed' because the bug affects multiple users.