AZL-67290 CVE-2025-10148 affecting package cmake for versions less than 3.30.3-10

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

curl 安全漏洞

curl is cURL open source a tool for transferring data from or to the server . There is a security vulnerability in curl that can be exploited by attackers that may cause malicious server-induced traffic to be mistaken for real HTTP traffic by proxy servers, thereby polluting their caches...