8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
53.5%
A vulnerability in the curl program is related to the incorrect replacement of the tilde character (~) when used as a
prefix in the first path element, in addition to its intended use as the first element to specify a path relative to a user’s home directory.
element to specify a path relative to the user’s home directory. Exploitation of the vulnerability could
allow an attacker acting remotely to bypass filtering or execute arbitrary code by creating a
a path similar to /~ 2/foo when accessing a server with a specific user.
A vulnerability in the curl program is related to data exchange using the TELNET protocol, which could
allow an attacker to pass a specially crafted username and “telnet parameters” during the process of
server negotiation. Exploitation of the vulnerability could allow an attacker acting remotely,
to send content or perform parameter negotiation.
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
53.5%