RHSA-2021:2992MediumCVSS 7.5

Red Hat Security Advisory: rh-php73-php security, bug fix, and enhancement update

Published
August 3, 2021
Last Modified
June 25, 2026

🔗 CVE IDs covered (6)

📋 Description

CVE-2020-7068 — php: Use of freed hash key in the phar_parse_zipfile function CVE-2020-7069 — php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV CVE-2020-7070 — php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server CVE-2020-7071 — php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo CVE-2021-21702 — php: NULL pointer dereference in SoapClient CVE-2021-21705 — php: SSRF bypass in FILTER_VALIDATE_URL

🔗 References (10)