AVG-2132 log

Package	php
Status	Fixed
Severity	Medium
Type	multiple issues
Affected	8.0.7-1
Fixed	8.0.8-1
Current	8.5.0-1 [extra-testing] 8.4.15-1 [extra]
Ticket	None
Created	Fri Jul 2 13:03:36 2021

Issue	Severity	Remote	Type	Description
CVE-2021-21705	Medium	Yes	Insufficient validation	A security issue was found in the php_url_parse_ex() function in PHP before versions 8.0.8 and 7.4.21, which leads to FILTER_VALIDATE_URL accepting URLs...
CVE-2021-21704	Medium	Yes	Denial of service	Multiple bugs in the pdo_firebase module allow a malicious firebase server or man-in-the-middle attacker to crash PHP before versions 8.0.8 and 7.4.21.

Issue

Severity

Remote

Type

Description

CVE-2021-21705

Medium

Yes

Insufficient validation

A security issue was found in the php_url_parse_ex() function in PHP before versions 8.0.8 and 7.4.21, which leads to FILTER_VALIDATE_URL accepting URLs...

CVE-2021-21704

Medium

Yes

Denial of service

Multiple bugs in the pdo_firebase module allow a malicious firebase server or man-in-the-middle attacker to crash PHP before versions 8.0.8 and 7.4.21.

Date	Advisory	Package	Type
06 Jul 2021	ASA-202107-15	php	multiple issues