QwikSec

Security Database

CVE

CWE

Training

CVE-2021-22923

Published: Aug 5, 2021

Modified: Nov 19, 2024

PUBLISHED

Description

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened.

Vendor	Product	Versions
n/a	https://github.com/curl/curl	affected `curl 7.27.0 to and including 7.77.0`

Weaknesses (CWE)

References

https://hackerone.com/reports/1213181

FEDORA-2021-5d21b90a30

vendor-advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

https://security.netapp.com/advisory/ntap-20210902-0003/

https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.