Wind River Support Network

Fixed

LIN1021-169 : Security Advisory - curl - CVE-2021-22876

Created: May 18, 2021    Updated: Aug 25, 2021
Resolved Date: Jul 26, 2021
Found In Version: 10.21.20.1
Fix Version: 10.21.20.3
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

curl 7.1.1 up to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor: it leaks credentials in the HTTP Referer: header. libcurl does not strip user credentials from the URL when it automatically populates the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

https://nvd.nist.gov/vuln/detail/CVE-2021-22876
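The following is an added example, not part of the advisory and not curl's own code: a Python check that flags Referer: headers carrying URL credentials in captured request headers and returns the value with the userinfo removed. The header lines, host names and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Matches a Referer request header line and captures the URL value.
REFERER_RE = re.compile(r"^referer:\s*(\S+)", re.IGNORECASE)


def strip_userinfo(url):
    """Return url with any user[:password]@ part removed from the authority."""
    parts = urlsplit(url)
    # netloc is "userinfo@host:port"; keep only what follows the last '@'.
    hostport = parts.netloc.rpartition("@")[2]
    return urlunsplit(parts._replace(netloc=hostport))


def leaked_referers(header_lines):
    """Return (line_number, sanitized_url) for Referer headers with userinfo."""
    hits = []
    for number, line in enumerate(header_lines, 1):
        match = REFERER_RE.match(line.strip())
        if not match:
            continue
        url = match.group(1)
        # Only an '@' in the authority counts; one in the path or query
        # (an e-mail address parameter, for instance) is not a credential.
        if "@" in urlsplit(url).netloc:
            hits.append((number, strip_userinfo(url)))
    return hits


# Constructed sample: headers as the second server would receive them.
SAMPLE = [
    "GET /landing HTTP/1.1",
    "Host: second.example",
    "Referer: https://alice:s3cret@first.example/start?id=7",
    "GET /other HTTP/1.1",
    "Host: second.example",
    "Referer: https://first.example/page?contact=a@b.example",
]

if __name__ == "__main__":
    for number, clean in leaked_referers(SAMPLE):
        print(f"line {number}: credentials in Referer; sanitized: {clean}")
```

The report deliberately prints only the sanitized URL so the leaked credentials are not copied into a second log.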
