Search for vulnerabilities
Vulnerability details: VCID-38d8-12uy-aaak
Vulnerability ID VCID-38d8-12uy-aaak
Aliases CVE-2024-5458
Summary In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.
Status Published
Exploitability 0.5
Weighted Severity 4.8
Risk 2.4
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-20 Improper Input Validation
CWE-345 Insufficient Verification of Data Authenticity
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5458.json
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00189 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00189 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00189 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00189 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00249 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00279 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00287 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00287 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00287 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00287 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00287 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00287 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00287 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00287 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00287 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00287 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00355 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00355 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00355 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00395 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00418 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.00464 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
epss 0.01204 https://api.first.org/data/v1/epss?cve=CVE-2024-5458
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 5.3 https://nvd.nist.gov/vuln/detail/CVE-2024-5458
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2024-5458
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5458.json
https://api.first.org/data/v1/epss?cve=CVE-2024-5458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5458
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w
https://lists.debian.org/debian-lts-announce/2024/06/msg00009.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
https://security.netapp.com/advisory/ntap-20240726-0001/
http://www.openwall.com/lists/oss-security/2024/06/07/1
1072885 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072885
2291252 https://bugzilla.redhat.com/show_bug.cgi?id=2291252
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
CVE-2024-5458 https://nvd.nist.gov/vuln/detail/CVE-2024-5458
GLSA-202408-32 https://security.gentoo.org/glsa/202408-32
RHSA-2024:10949 https://access.redhat.com/errata/RHSA-2024:10949
RHSA-2024:10950 https://access.redhat.com/errata/RHSA-2024:10950
RHSA-2024:10951 https://access.redhat.com/errata/RHSA-2024:10951
RHSA-2024:10952 https://access.redhat.com/errata/RHSA-2024:10952
RHSA-2025:7315 https://access.redhat.com/errata/RHSA-2025:7315
USN-6841-1 https://usn.ubuntu.com/6841-1/
USN-6841-2 https://usn.ubuntu.com/6841-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-5458.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-5458
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-5458
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.33994
EPSS Score 0.00076
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-06-07T11:54:18.638647+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 34.0.0rc4