PHP · PHP · CVE-2024-5458
**Name of the Vulnerable Software and Affected Versions**
PHP versions 8.1.* through 8.1.28
PHP versions 8.2.* through 8.2.19
PHP versions 8.3.* through 8.3.7
**Description**
A code logic error in PHP's filtering functions, such as `filter_var`, when validating URLs with `FILTER_VALIDATE_URL`, can result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to downstream code accepting invalid URLs as valid and parsing them incorrectly.
**Recommendations**
For PHP versions 8.1.* through 8.1.28, update to version 8.1.29 or later.
For PHP versions 8.2.* through 8.2.19, update to version 8.2.20 or later.
For PHP versions 8.3.* through 8.3.7, update to version 8.3.8 or later.
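One way to check a runtime against the ranges above and to stop relying on `FILTER_VALIDATE_URL` alone for the user information part, added here as an example (it is not code from the PHP project or from this advisory). `is_affected_php` and `validate_url_strict` are hypothetical helper names; the allowed userinfo characters follow RFC 3986, and rejecting userinfo by default is an assumption about what the application needs.

```php
<?php
declare(strict_types=1);

// Fixed releases per branch, taken from the advisory's recommendations.
const FIXED_RELEASES = ['8.1' => '8.1.29', '8.2' => '8.2.20', '8.3' => '8.3.8'];

// True when $version is in an affected range. Distribution packages may
// backport the fix without changing the version string, so confirm there.
function is_affected_php(string $version): bool
{
    if (!preg_match('/^(\d+\.\d+)\.\d+/', $version, $m)) {
        return false; // unrecognised version string
    }
    $fixed = FIXED_RELEASES[$m[1]] ?? null;
    return $fixed !== null && version_compare($m[0], $fixed, '<');
}

// Hypothetical helper: FILTER_VALIDATE_URL plus an independent userinfo check.
// Returns the URL when accepted, null otherwise.
function validate_url_strict(string $url, bool $allowUserinfo = false): ?string
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    // Authority = text after "//" up to the first "/", "?" or "#".
    if (!preg_match('~^[a-z][a-z0-9+.-]*://([^/?#]*)~i', $url, $m)) {
        return null; // only scheme://authority URLs are accepted here
    }
    $at = strrpos($m[1], '@');
    if ($at === false) {
        return $url; // no userinfo present
    }
    if (!$allowUserinfo) {
        return null; // assumption: the application never needs credentials in URLs
    }
    // RFC 3986: userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
    $userinfo = substr($m[1], 0, $at);
    $rfc = '/\A(?:[A-Za-z0-9\-._~!$&\'()*+,;=:]|%[0-9A-Fa-f]{2})*\z/';
    return preg_match($rfc, $userinfo) === 1 ? $url : null;
}

// Constructed sample inputs, not taken from the advisory.
$samples = ['https://example.com/a', 'https://user:p%40ss@example.com/', 'https://us{er@example.com/'];
printf("PHP %s in affected range: %s\n", PHP_VERSION, var_export(is_affected_php(PHP_VERSION), true));
foreach ($samples as $u) {
    printf("%-36s default=%s userinfo-allowed=%s\n", $u,
        var_export(validate_url_strict($u) !== null, true),
        var_export(validate_url_strict($u, true) !== null, true));
}
```

The wrapper is a stopgap for code that cannot be upgraded immediately; the update listed under Recommendations remains the fix.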