The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a different URL using the wrong host name when it is later retrieved. CREATE(Triage):(User=admin) CVE-2022-27780 (https://nvd.nist.gov/vuln/detail/CVE-2022-27780)