CVE-2024-47053: PHP Recursive Sanitization By Value Bypass
greprules fetch cve-2024-47053-php-recursive-sanitization-by-value-bypass --engine opengrep
Description
A function accepting an array by reference recursively calls itself using a by-value copy of an element from a `foreach` loop. Modifications made by the recursive call overwrite the local copy rather than the original array, meaning sanitizations and validations are bypassed for nested items. To fix this, pass the explicit array index reference (e.g., `$ARR[
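The pattern described above, shown beside its corrected form, as an added PHP example that is not taken from the rule or from the affected project. The function names, the use of `htmlspecialchars` as the sanitization step, and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical sanitizer reproducing the flagged pattern: the recursive call
// receives $value, the foreach by-value copy, so nested edits are discarded
// when the call returns.
function sanitize_by_value_copy(array &$arr): void
{
    foreach ($arr as $key => $value) {
        if (is_array($value)) {
            sanitize_by_value_copy($value); // modifies the local copy only
        } else {
            $arr[$key] = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        }
    }
}

// Corrected form: recurse on the element of the original array, by index.
function sanitize_by_index(array &$arr): void
{
    foreach ($arr as $key => $value) {
        if (is_array($value)) {
            sanitize_by_index($arr[$key]); // reference into the original array
        } else {
            $arr[$key] = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        }
    }
}

// Constructed sample input: one top-level and one nested untrusted string.
$input = [
    'title' => '<b>top</b>',
    'meta'  => ['note' => '<i>nested</i>'],
];

$a = $input;
sanitize_by_value_copy($a);
$b = $input;
sanitize_by_index($b);

// Each check compares a result against the value the description predicts.
var_dump($a['title'] === '&lt;b&gt;top&lt;/b&gt;');          // top level is escaped in both forms
var_dump($a['meta']['note'] === '<i>nested</i>');             // by-value recursion leaves nested data raw
var_dump($b['meta']['note'] === '&lt;i&gt;nested&lt;/i&gt;'); // index recursion escapes nested data
```

The top-level check passing for the by-value form is why this bug survives shallow testing: only inputs with nested arrays show the difference.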
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided