8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
77.0%
A vulnerability in the cURL command line utility is related to an error in parsing URLs with
IDN characters that are replaced by ASCII analogs during IDN conversion. Exploitation of the vulnerability
could allow an attacker acting remotely to bypass curl’s HSTS inspection and force it to
Use the unencrypted HTTP protocol
The cURL command line utility vulnerability involves a boundary error in the processing of non-200 HTTP responses to the
proxies for the following schemes: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, telnet. Exploitation
vulnerability could allow an attacker acting remotely to cause a bug by forcing an application to
connect to resources that are not allowed by the configured proxy server
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
77.0%