curl is vulnerable to privilege escalation. The vulnerability exists due to the unpreserved file permissions in the library which will accidentally widen the permissions for the target file leaving the updated file accessible to more users than intended.
seclists.org/fulldisclosure/2022/Oct/28
seclists.org/fulldisclosure/2022/Oct/41
hackerone.com/reports/1573634
lists.fedoraproject.org/archives/list/[email protected]/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
security.gentoo.org/glsa/202212-01
security.netapp.com/advisory/ntap-20220915-0003/
support.apple.com/kb/HT213488
www.debian.org/security/2022/dsa-5197