Wind River Support Network

HomeDefectsLIN1018-7472
Fixed

LIN1018-7472 : Security Advisory - curl - CVE-2021-22876

Created: Mar 31, 2021    Updated: May 23, 2021
Resolved Date: May 23, 2021
Found In Version: 10.18.44.1
Severity: Standard
Applicable for: Wind River Linux LTS 18
Component/s: Userspace

Description

curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

https://nvd.nist.gov/vuln/detail/CVE-2021-22876

CVEs


Live chat
Online