In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
References
Link | Resource |
---|---|
https://bugs.php.net/bug.php?id=79971 | Exploit Issue Tracking Patch Release Notes Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html | Issue Tracking Mailing List |
https://security.netapp.com/advisory/ntap-20211223-0005/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5082 | Third Party Advisory |
https://www.tenable.com/security/tns-2022-09 | Patch Release Notes Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
16 Feb 2023, 03:07
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html - Issue Tracking, Mailing List | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
15 Dec 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Oct 2022, 01:47
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://www.tenable.com/security/tns-2022-09 - Patch, Release Notes, Third Party Advisory | |
First Time |
Tenable
Tenable tenable.sc |
|
CPE | cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* |
20 Apr 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Mar 2022, 18:10
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://bugs.php.net/bug.php?id=79971 - Exploit, Issue Tracking, Patch, Release Notes, Vendor Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5082 - Third Party Advisory | |
First Time |
Debian
Debian debian Linux |
|
CPE | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
21 Feb 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Jan 2022, 16:12
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://bugs.php.net/bug.php?id=79971 - Exploit, Issue Tracking, Release Notes, Vendor Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20211223-0005/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* | |
First Time |
Netapp
Netapp clustered Data Ontap |
23 Dec 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Nov 2021, 13:51
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
References | (MISC) https://bugs.php.net/bug.php?id=79971 - Exploit, Release Notes, Vendor Advisory | |
CPE | cpe:2.3:a:php:php:*:*:*:*:*:*:*:* | |
CWE | NVD-CWE-Other |
29 Nov 2021, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-29 07:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-21707
Mitre link : CVE-2021-21707
CVE.ORG link : CVE-2021-21707
JSON object : View
Products Affected
netapp
- clustered_data_ontap
php
- php
tenable
- tenable.sc
debian
- debian_linux
CWE