{"api_version":"1","generated_at":"2026-04-23T01:00:24+00:00","cve":"CVE-2021-21707","urls":{"html":"https://cve.report/CVE-2021-21707","api":"https://cve.report/api/cve/CVE-2021-21707.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-21707","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-21707"},"summary":{"title":"CVE-2021-21707","description":"In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.","state":"PUBLIC","assigner":"security@php.net","published_at":"2021-11-29 07:15:00","updated_at":"2023-02-16 03:07:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://security.netapp.com/advisory/ntap-20211223-0005/","name":"https://security.netapp.com/advisory/ntap-20211223-0005/","refsource":"CONFIRM","tags":[],"title":"CVE-2021-21707 PHP Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2022/dsa-5082","name":"DSA-5082","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5082-1 php7.4","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.tenable.com/security/tns-2022-09","name":"https://www.tenable.com/security/tns-2022-09","refsource":"CONFIRM","tags":[],"title":"[R1] Tenable.sc 5.21.0 Fixes Multiple Third-Party Vulnerabilities - Security Advisory | Tenable®","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugs.php.net/bug.php?id=79971","name":"https://bugs.php.net/bug.php?id=79971","refsource":"MISC","tags":[],"title":"PHP :: Sec Bug #79971 :: special character is breaking the path in xml function","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html","name":"[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3243-1] php7.3 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-21707","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21707","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Reported by rawataman6525 at gmail dot com","lang":""}],"nvd_cpes":[{"cve_year":"2021","cve_id":"21707","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21707","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21707","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"clustered_data_ontap","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21707","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php","cpe5":"php","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21707","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tenable","cpe5":"tenable.sc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-21707","qid":"150480","title":"Improper Handling of XML Functions in PHP (CVE-2021-21707)"},{"cve":"CVE-2021-21707","qid":"160244","title":"Oracle Enterprise Linux Security Update for php:7.4 (ELSA-2022-7628)"},{"cve":"CVE-2021-21707","qid":"179085","title":"Debian Security Update for php7.4 (DSA 5082-1)"},{"cve":"CVE-2021-21707","qid":"181332","title":"Debian Security Update for php7.3 (DLA 3243-1)"},{"cve":"CVE-2021-21707","qid":"198686","title":"Ubuntu Security Notification for Hypertext Preprocessor (PHP) Vulnerabilities (USN-5300-2)"},{"cve":"CVE-2021-21707","qid":"198690","title":"Ubuntu Security Notification for Hypertext Preprocessor (PHP) Vulnerabilities (USN-5300-3)"},{"cve":"CVE-2021-21707","qid":"240535","title":"Red Hat Update for rh-php73-php (RHSA-2022:5491)"},{"cve":"CVE-2021-21707","qid":"240855","title":"Red Hat Update for php:7.4 security (RHSA-2022:7628)"},{"cve":"CVE-2021-21707","qid":"282077","title":"Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2021-88ba46f2b2)"},{"cve":"CVE-2021-21707","qid":"282078","title":"Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2021-c8043fa05f)"},{"cve":"CVE-2021-21707","qid":"282149","title":"Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2021-06795380db)"},{"cve":"CVE-2021-21707","qid":"354412","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALAS2022-2022-073"},{"cve":"CVE-2021-21707","qid":"356072","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.0-2023-001"},{"cve":"CVE-2021-21707","qid":"356083","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.0-2023-001"},{"cve":"CVE-2021-21707","qid":"377999","title":"Alibaba Cloud Linux Security Update for php:7.4 (ALINUX3-SA-2023:0018)"},{"cve":"CVE-2021-21707","qid":"38884","title":"Hypertext Preprocessor (PHP) Extensible Markup Language (XML) Parsing Vulnerability (79971)"},{"cve":"CVE-2021-21707","qid":"501146","title":"Alpine Linux Security Update for php7"},{"cve":"CVE-2021-21707","qid":"501665","title":"Alpine Linux Security Update for php7"},{"cve":"CVE-2021-21707","qid":"501668","title":"Alpine Linux Security Update for php8"},{"cve":"CVE-2021-21707","qid":"502330","title":"Alpine Linux Security Update for php81"},{"cve":"CVE-2021-21707","qid":"671646","title":"EulerOS Security Update for Hypertext Preprocessor (PHP) (EulerOS-SA-2022-1755)"},{"cve":"CVE-2021-21707","qid":"751448","title":"SUSE Enterprise Linux Security Update for php74 (SUSE-SU-2021:3927-1)"},{"cve":"CVE-2021-21707","qid":"751467","title":"OpenSUSE Security Update for php7 (openSUSE-SU-2021:3943-1)"},{"cve":"CVE-2021-21707","qid":"751513","title":"OpenSUSE Security Update for php7 (openSUSE-SU-2021:1570-1)"},{"cve":"CVE-2021-21707","qid":"751763","title":"SUSE Enterprise Linux Security Update for php72 (SUSE-SU-2022:0577-1)"},{"cve":"CVE-2021-21707","qid":"751772","title":"SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:0679-1)"},{"cve":"CVE-2021-21707","qid":"751779","title":"OpenSUSE Security Update for php7 (openSUSE-SU-2022:0679-1)"},{"cve":"CVE-2021-21707","qid":"752863","title":"SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:3997-1)"},{"cve":"CVE-2021-21707","qid":"752878","title":"SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:4067-1)"},{"cve":"CVE-2021-21707","qid":"752898","title":"SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:4069-1)"},{"cve":"CVE-2021-21707","qid":"752901","title":"SUSE Enterprise Linux Security Update for php74 (SUSE-SU-2022:4068-1)"},{"cve":"CVE-2021-21707","qid":"753278","title":"SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:2292-1)"},{"cve":"CVE-2021-21707","qid":"753350","title":"SUSE Enterprise Linux Security Update for php8 (SUSE-SU-2022:2303-1)"},{"cve":"CVE-2021-21707","qid":"901256","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for Hypertext Preprocessor (PHP) (7328)"},{"cve":"CVE-2021-21707","qid":"940756","title":"AlmaLinux Security Update for php:7.4 (ALSA-2022:7628)"},{"cve":"CVE-2021-21707","qid":"960333","title":"Rocky Linux Security Update for php:7.4 (RLSA-2022:7628)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@php.net","DATE_PUBLIC":"2021-11-15T15:31:00.000Z","ID":"CVE-2021-21707","STATE":"PUBLIC","TITLE":"Special characters break path parsing in XML functions"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"PHP","version":{"version_data":[{"version_affected":"<","version_name":"7.3.x","version_value":"7.3.33"},{"version_affected":"<","version_name":"7.4.x","version_value":"7.4.26"},{"version_affected":"<","version_name":"8.0.X","version_value":"8.0.13"}]}}]},"vendor_name":"PHP Group"}]}},"credit":[{"lang":"eng","value":"Reported by rawataman6525 at gmail dot com"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-159 Failure to Sanitize Special Element"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://bugs.php.net/bug.php?id=79971","name":"https://bugs.php.net/bug.php?id=79971"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20211223-0005/","url":"https://security.netapp.com/advisory/ntap-20211223-0005/"},{"refsource":"DEBIAN","name":"DSA-5082","url":"https://www.debian.org/security/2022/dsa-5082"},{"refsource":"CONFIRM","name":"https://www.tenable.com/security/tns-2022-09","url":"https://www.tenable.com/security/tns-2022-09"},{"refsource":"MLIST","name":"[debian-lts-announce] 20221215 [SECURITY] [DLA 3243-1] php7.3 security update","url":"https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html"}]},"source":{"advisory":"https://bugs.php.net/bug.php?id=79971","defect":["https://bugs.php.net/bug.php?id=79971"],"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2021-11-29 07:15:00","lastModifiedDate":"2023-02-16 03:07:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.13","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.26","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3.0","versionEndExcluding":"7.3.33","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*","versionEndExcluding":"5.21.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"21707","Ordinal":"196396","Title":"CVE-2021-21707","CVE":"CVE-2021-21707","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"21707","Ordinal":"1","NoteData":"In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"21707","Ordinal":"2","NoteData":"2021-11-29","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"21707","Ordinal":"3","NoteData":"2021-12-23","Type":"Other","Title":"Modified"}]}}}