
4 matches found

BDU FSTEC
added 2023/04/17 12:0 a.m., 2 views

A vulnerability in the syntax of the curl command-line utility stems from improper replacement of the tilde symbol (~) when it is used as a prefix in the first element of a path. This allows an attacker to bypass filtering or execute arbitrary code.

The vulnerability of the curl command-line utility is related to the incorrect replacement of the tilde symbol when it is used as a prefix in the first element of a path. This occurs in addition to its supposed use as the first element for specifying a path relative to the user’s home directory...

CVSS 3.7, AI score 7.1, EPSS 0.02195
Exploits: 1, References: 14, Affected Software: 8
Redos
added 2023/04/06 12:0 a.m., 2 views

ROS-20230406-21

A vulnerability in the curl program is related to data exchange using the TELNET protocol, which could allow an attacker to pass a specially crafted username and "telnet parameters" during a server negotiation. Exploitation of the vulnerability could allow an attacker acting remotely to send...

CVSS 9.8, AI score 7.8, EPSS 0.02195
Exploits: 2
OSV
added 2023/03/30 8:15 p.m., 1 view

DEBIAN-CVE-2023-27534

A path traversal vulnerability exists in the curl 8.0.0 SFTP implementation that causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

CVSS 8.8, AI score 7, EPSS 0.02195
Exploits: 1, References: 1
OSV
added 2023/03/30 8:15 p.m., 1 view

AZL-25847 CVE-2023-27534 affecting package curl for versions less than 8.0.1-1

A path traversal vulnerability exists in the curl 8.0.0 SFTP implementation that causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

CVSS 8.8, AI score 7, EPSS 0.02195
Exploits: 1, References: 1