php7 is vulnerable to privilege escalation. The vulnerability is possible due to insufficient validation of URL performed via the “FILTER_VALIDATE_URL” setting. A remote attacker can use the “@” characters in the URL to bypass implemented filter and force the application to accept arbitrary URL instead of the defined by the option.
bugs.php.net/bug.php?id=77423
lists.debian.org/debian-lts-announce/2021/07/msg00008.html
secdb.alpinelinux.org/v3.12/community.yaml
security.gentoo.org/glsa/202105-23
security.netapp.com/advisory/ntap-20210312-0005/
www.debian.org/security/2021/dsa-4856
www.oracle.com/security-alerts/cpuoct2021.html
www.tenable.com/security/tns-2021-14