Wind River Support Network


LIN1021-169 : Security Advisory - curl - CVE-2021-22876

Created: May 18, 2021    Updated: Aug 25, 2021
Resolved Date: Jul 26, 2021
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace


curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.


Live chat