14 lines
1.0 KiB
JSON
14 lines
1.0 KiB
JSON
{
|
|
"id": "openEuler-SA-2022-1908",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1908",
|
|
"title": "An update for curl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
|
|
"severity": "Low",
|
|
"description": "cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nWhen curl is used to retrieve and parse cookies from an HTTP(S) server, it accepts cookies using control codes (byte values below 32). When cookies that contain such control codes are later sent back to an HTTP(S) server, it might make the server return a 400 response. Effectively allowing a \"sister site\" to deny service to siblings.\r\n\r\nReference:\r\n\r\nhttps://curl.se/docs/CVE-2022-35252.html(CVE-2022-35252)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2022-35252",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35252",
|
|
"severity": "Low"
|
|
}
|
|
]
|
|
} |