CVE-2021-21708: potential RCE with filter_var(..., FILTER_VALIDATE_FLOAT)
Bug #1961820 reported by
Matt Coleman
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| php7.4 (Ubuntu) |
Fix Released
|
Undecided
|
Rodrigo Figueiredo Zaiden | ||
| php8.0 (Ubuntu) |
Fix Released
|
Undecided
|
Rodrigo Figueiredo Zaiden | ||
Bug Description
This article was recently posted about a vulnerability with potential for RCE in PHP's FILTER_
https:/
It has been fixed in PHP 7.4.28.
Canonical has already documented the CVE and given it a "Medium" rating:
https:/
Red Hat gave it a 6.6 rating:
https:/
CVE References
| information type: | Private Security → Public Security |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in php7.4 (Ubuntu): | |
| status: | New → Confirmed |
| Changed in php7.4 (Ubuntu): | |
| status: | Confirmed → In Progress |
| assignee: | nobody → Rodrigo Figueiredo Zaiden (rodrigo-zaiden) |
| Changed in php8.0 (Ubuntu): | |
| assignee: | nobody → Rodrigo Figueiredo Zaiden (rodrigo-zaiden) |
| status: | New → In Progress |
Revision history for this message
| Rodrigo Figueiredo Zaiden (rodrigo-zaiden) wrote | #2 |
| Changed in php7.4 (Ubuntu): | |
| status: | In Progress → Fix Released |
Revision history for this message
| Rodrigo Figueiredo Zaiden (rodrigo-zaiden) wrote | #3 |
| Changed in php8.0 (Ubuntu): | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
Status changed to 'Confirmed' because the bug affects multiple users.