Lucene search
K

4 matches found

Snyk
Snyk
added 6 days ago13 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data due to the improper clearing of the CURLOPTREFERER option. An attacker can cause sensitive information to be disclosed by forcing the reuse and transmission of a previous referer header ...

7.5CVSS5.9AI score0.00511EPSS
Exploits1References2
Snyk
Snyk
added 6 days ago5 views

Double Free

Overview Affected versions of this package are vulnerable to Double Free in the GSASL context cleanup process. An attacker can cause arbitrary code execution or a denial of service by triggering the double-free condition. Remediation Upgrade libcurl to version 8.21.0 or higher. References - Curl...

9.8CVSS6.6AI score0.00783EPSS
Exploits1References2
Snyk
Snyk
added 6 days ago6 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation when the CURLOPTSSLSESSIONIDCACHE is enabled and the CURLSSLOPTEARLYDATA option is set in CURLOPTSSLOPTIONS. An attacker can intercept and obtain sensitive information by impersonating a server and...

8.3CVSS6AI score0.0032EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.13 views

libcurl 7.88.0 < 8.21.0 HTTP/2 Stream-Dependency Tree Use-After-Free

The version of libcurl installed on the remote host is 7.88.0 prior to 8.21.0. It is, therefore, affected by a use-after-free vulnerability: - A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree and subsequently invokes curleasyreset...

9.8CVSS6AI score0.00646EPSS
Exploits1References2
Rows per page
Query Builder